| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240726104848.2756962-1-leitao@debian.org>
Date: Fri, 26 Jul 2024 03:48:45 -0700
From: Breno Leitao <leitao@...ian.org>
To: akinobu.mita@...il.com,
akpm@...ux-foundation.org
Cc: leit@...a.com,
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] fault-injection: Enhance failcmd to exit on non-hex address input
The failcmd.sh script in the fault-injection toolkit does not currently
validate whether the provided address is in hexadecimal format. This can
lead to silent failures if the address is sourced from places like
`/proc/kallsyms`, which omits the '0x' prefix, potentially causing users
to operate under incorrect assumptions.
Introduce a new function, `exit_if_not_hex`, which checks the format of
the provided address and exits with an error message if the address is
not a valid hexadecimal number.
This enhancement prevents users from running the command with
improperly formatted addresses, thus improving the robustness and
usability of the failcmd tool.
Signed-off-by: Breno Leitao <leitao@...ian.org>
---
tools/testing/fault-injection/failcmd.sh | 12 ++++++++++++
1 file changed, 12 insertions(+)
mode change 100644 => 100755 tools/testing/fault-injection/failcmd.sh
diff --git a/tools/testing/fault-injection/failcmd.sh b/tools/testing/fault-injection/failcmd.sh
old mode 100644
new mode 100755
index 78dac34264be..234d49fc49d9
--- a/tools/testing/fault-injection/failcmd.sh
+++ b/tools/testing/fault-injection/failcmd.sh
@@ -64,6 +64,14 @@ ENVIRONMENT
EOF
}
+exit_if_not_hex() {
+ local value="$1"
+ if ! [[ $value =~ ^0x[0-9a-fA-F]+$ ]]; then
+ echo "Error: The provided value '$value' is not a valid hexadecimal number."
+ exit 1
+ fi
+}
+
if [ $UID != 0 ]; then
echo must be run as root >&2
exit 1
@@ -160,18 +168,22 @@ while true; do
shift 2
;;
--require-start)
+ exit_if_not_hex "$2"
echo $2 > $FAULTATTR/require-start
shift 2
;;
--require-end)
+ exit_if_not_hex "$2"
echo $2 > $FAULTATTR/require-end
shift 2
;;
--reject-start)
+ exit_if_not_hex "$2"
echo $2 > $FAULTATTR/reject-start
shift 2
;;
--reject-end)
+ exit_if_not_hex "$2"
echo $2 > $FAULTATTR/reject-end
shift 2
;;
--
2.43.0
Powered by blists - more mailing lists