lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOOmCE-6Mz5YoZs+Xac+p=+yFpL+EctVFsCsMum6SLzKYqTY5g@mail.gmail.com>
Date:   Fri, 28 Apr 2023 14:38:46 -0500
From:   Jorge Lopez <jorgealtxwork@...il.com>
To:     Thomas Weißschuh <thomas@...ch.de>
Cc:     hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v11 08/14] HP BIOSCFG driver - bioscfg-h

On Fri, Apr 28, 2023 at 11:30 AM Thomas Weißschuh <thomas@...ch.de> wrote:
>
> On 2023-04-28 11:19:04-0500, Jorge Lopez wrote:
> > On Fri, Apr 28, 2023 at 11:09 AM Thomas Weißschuh <thomas@...ch.de> wrote:
> > >
> > > On 2023-04-28 11:03:56-0500, Jorge Lopez wrote:
> > > > On Fri, Apr 28, 2023 at 10:36 AM Thomas Weißschuh <thomas@...ch.de> wrote:
> > > > >
> > > > > On 2023-04-28 10:24:40-0500, Jorge Lopez wrote:
> > > > > > On Sun, Apr 23, 2023 at 7:01 AM Thomas Weißschuh <thomas@...ch.de> wrote:
> > > > > > >
> > > > > > > On 2023-04-20 11:54:48-0500, Jorge Lopez wrote:
> > > > > > > > ---
> > > > > > > >  drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 613 +++++++++++++++++++
> > > > > > > >  1 file changed, 613 insertions(+)
> > > > > > > >  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > >
> > > <snip>
> > >
> > > > > > > > +#define ATTRIBUTE_PROPERTY_STORE(curr_val, type)                     \
> > > > > > > > +     static ssize_t curr_val##_store(struct kobject *kobj,           \
> > > > > > > > +                                     struct kobj_attribute *attr,    \
> > > > > > > > +                                     const char *buf, size_t count)  \
> > > > > > > > +     {                                                               \
> > > > > > > > +             char *p = NULL;                                         \
> > > > > > > > +             char *attr_value = NULL;                                \
> > > > > > > > +             int i;                                                  \
> > > > > > > > +             int ret = -EIO;                                         \
> > > > > > > > +                                                                     \
> > > > > > > > +             attr_value = kstrdup(buf, GFP_KERNEL);                  \
> > > > > > > > +             if (!attr_value)                                        \
> > > > > > > > +                     return -ENOMEM;                                 \
> > > > > > > > +                                                                     \
> > > > > > > > +             p = memchr(attr_value, '\n', count);                    \
> > > > > > > > +             if (p != NULL)                                          \
> > > > > > > > +                     *p = '\0';                                      \
> > > > > > >
> > > > > > > This can also truncate the string if there is data after the newline.
> > > > > >
> > > > > > This is a expected behavior as described by Hans in a later email
> > > > >
> > > > > I'm fine with stripping a trailing newline.
> > > > >
> > > > > But this truncates the string at the first newline.
> > > > >
> > > > > "foo\nbar" -> "foo"
> > > > > "\nfoo" -> ""
> > > > >
> > > > All inputs expected by this driver and respectively by BIOS are a
> > > > single line.  For this reason, '\n' will cause the string to be
> > > > truncated.
> > > > I propose reporting a warning message indicating that the data entered
> > > > has a '\n' character and will be truncated in addition to failing the
> > > > operation with -EINVAL
> > >
> > > EINVAL sounds good, but a warning is overkill IMO.
> > >
> > > Whoever put in the garbage value will see the error.
> > >
> > > Stripping a trailing newline still seems fine though.
> >
> > So. should the driver return an -EINVAL error or truncate the line,
> > report a warning message, and allow it to proceed.?
> > Please advice
>
> p = memchr(attr_value, '\n', count)
> if (p == attr_value + count - 1) {
>         *p = '\0'; /* strip trailing newline */
>         count--;
> } else if (p) {
>         return -EINVAL; /* enforce single line input */
> }
>
> (untested)
>
> When putting it into a helper you may need to adapt it a bit.
>
> > > This would be a very good candidate for a helper function.

Done!   Helper function created.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ