lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jan 2024 01:16:22 +1100
From: David Disseldorp <ddiss@...e.de>
To: Qu Wenruo <wqu@...e.com>
Cc: linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
 akpm@...ux-foundation.org, christophe.jaillet@...adoo.fr,
 andriy.shevchenko@...ux.intel.com, David.Laight@...LAB.COM
Subject: Re: [PATCH v2 1/4] kstrtox: always skip the leading "0x" even if no
 more valid chars

On Tue,  2 Jan 2024 14:42:11 +1030, Qu Wenruo wrote:

> Currently the invalid string "0x" (only hex prefix, no valid chars
> followed) would make _parse_integer_fixup_radix() to treat it as octal.
> 
> This is due to the fact that the function would only auto-detect hex if
> and only if there is any valid hex char after "0x".
> Or it would only go octal instead.
> 
> Thankfully this won't affect our unit test, as "0x" would still be
> treated as failure.
> Since we treat the result as octal, the result value would be 0, leaving
> "x" as the tailing char and still fail kstrtox() functions.
> 
> But for the incoming memparse_safe(), the remaining string would still
> be consumed by the caller, and we need to properly treat "0x" as an
> invalid string.
> 
> So this patch would make _parse_integer_fixup_radix() to forcefully go
> hex no matter if there is any valid char following.
> 
> Signed-off-by: Qu Wenruo <wqu@...e.com>
> ---
>  lib/kstrtox.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/kstrtox.c b/lib/kstrtox.c
> index d586e6af5e5a..41c9a499bbf3 100644
> --- a/lib/kstrtox.c
> +++ b/lib/kstrtox.c
> @@ -27,7 +27,7 @@ const char *_parse_integer_fixup_radix(const char *s, unsigned int *base)
>  {
>  	if (*base == 0) {
>  		if (s[0] == '0') {
> -			if (_tolower(s[1]) == 'x' && isxdigit(s[2]))
> +			if (_tolower(s[1]) == 'x')
>  				*base = 16;
>  			else
>  				*base = 8;

There's a copy of this function in arch/x86/boot/string.c which should
probably remain consistent (or be removed). Aside from that, this looks
good to me:
Reviewed-by: David Disseldorp <ddiss@...e.de>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ