| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <GV1PR10MB65635561FB160078C3744B5FE8B4A@GV1PR10MB6563.EURPRD10.PROD.OUTLOOK.COM>
Date: Mon, 20 Nov 2023 05:34:05 +0530
From: Yuran Pereira <yuran.pereira@...mail.com>
To: kgdb-bugreport@...ts.sourceforge.net,
linux-trace-kernel@...r.kernel.org
Cc: Yuran Pereira <yuran.pereira@...mail.com>,
jason.wessel@...driver.com, daniel.thompson@...aro.org,
dianders@...omium.org, rostedt@...dmis.org, mhiramat@...nel.org,
linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: [PATCH 0/2] Replace the use of simple_strtol/ul functions with kstrto
The simple_str* family of functions perform no error checking in
scenarios where the input value overflows the intended output variable.
This results in these function successfully returning even when the
output does not match the input string.
Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
simple_strtoul(), and simple_strtoull() functions explicitly ignore
overflows, which may lead to unexpected results in callers."
Hence, the use of those functions is discouraged.
This patch series replaces uses of the simple_strto* series of function
with the safer kstrto* alternatives.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull
Yuran Pereira (2):
kdb: Replace the use of simple_strto with safer kstrto in kdb_main
trace: kdb: Replace simple_strtoul with kstrtoul in kdb_ftdump
kernel/debug/kdb/kdb_main.c | 70 +++++++++++--------------------------
kernel/trace/trace_kdb.c | 14 ++++----
2 files changed, 27 insertions(+), 57 deletions(-)
--
2.25.1
Powered by blists - more mailing lists