lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20230730110833.GA12462@1wt.eu>
Date:   Sun, 30 Jul 2023 13:08:33 +0200
From:   Willy Tarreau <w@....eu>
To:     Thomas Weißschuh <thomas@...ch.de>
Cc:     Yuan Tan <tanyuan@...ylab.org>, falcon@...ylab.org,
        linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 2/2] selftests/nolibc: add testcase for pipe.

On Sun, Jul 30, 2023 at 10:07:24AM +0200, Thomas Weißschuh wrote:
> > In fact you make a good point regarding the fact that the test doesn't
> > use read()'s return value. This problem totally goes away if the return
> > value is used, e.g.:
> > 
> >       len = read(pipefd[0], buf, sizeof(buf));
> >       close(pipefd[0]);
> >       waitpid(pid, NULL, 0);
> >       return len < 0 || len > sizeof(buf) || len > strlen(msg) || memcmp(buf, msg, len) != 0;
> 
> Wouldn't this happily accept len == 0?
> 
> Why not just:
> 
> if (len != strlen(msg))
>   return 1;
> return !!memcmp(buf, msg, len);

Indeed, works for me.

> Also so far we have assumed that one call one call to read() is enough.
> But looking at pipe(7) this is not guaranteed by the spec.
> If we want to be really sure, a loop around read() seems to be necessary.

In practice it will be OK as the message is small and sent in one syscall,
so let's not care too much about this for now.

Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ