| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Sep 2023 16:48:40 +0200
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Hans de Goede <hdegoede@...hat.com>,
Mark Pearson <mpearson-lenovo@...ebb.ca>,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Mark Pearson <markpearson@...ovo.com>,
Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH v1 2/2] platform/x86: think-lmi: Use strreplace() to
replace a character by nul
On 13/09/2023 11.27, Andy Shevchenko wrote:
> @@ -921,7 +913,7 @@ static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *at
> static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> {
> struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
> - char *item, *value, *p;
> + char *item, *value;
> int ret;
>
> ret = tlmi_setting(setting->index, &item, LENOVO_BIOS_SETTING_GUID);
> @@ -934,8 +926,7 @@ static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *a
> ret = -EINVAL;
> else {
> /* On Workstations remove the Options part after the value */
> - p = strchrnul(value, ';');
> - *p = '\0';
> + strreplace(value, ';', '\0');
So how do you know that the string contains at most one ';'? Same for
all the other replacements. If that's not guaranteed, this is not at all
equivalent.
Or maybe the result is just used a normal string afterwards, and it
doesn't matter at all how the content after the first ';' has been mangled?
It's certainly not obvious to me that this is correct, but of course I
know nothing about this code.
Rasmus
Powered by blists - more mailing lists