lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 18 Sep 2023 18:38:19 +0300
From:   Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:     Hans de Goede <hdegoede@...hat.com>,
        Mark Pearson <mpearson-lenovo@...ebb.ca>,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
        Mark Pearson <markpearson@...ovo.com>,
        Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH v1 2/2] platform/x86: think-lmi: Use strreplace() to
 replace a character by nul

On Mon, Sep 18, 2023 at 04:48:40PM +0200, Rasmus Villemoes wrote:
> On 13/09/2023 11.27, Andy Shevchenko wrote:

> > -		p = strchrnul(value, ';');
> > -		*p = '\0';
> > +		strreplace(value, ';', '\0');
> 
> So how do you know that the string contains at most one ';'? Same for
> all the other replacements. If that's not guaranteed, this is not at all
> equivalent.
> 
> Or maybe the result is just used a normal string afterwards, and it
> doesn't matter at all how the content after the first ';' has been mangled?
> 
> It's certainly not obvious to me that this is correct, but of course I
> know nothing about this code.

If you read the comment and code slightly above you may get that this is not
a problem at all. There are no side effects as the part after first occurrence
of ; is not used and original string is NUL-terminated.

-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ