Message-ID: <CAC5umygxnq=h1H2CCeprzaggu_A4DxZia3EEBTYk7sb72OnQFA@mail.gmail.com>
Date: Sun, 28 Jul 2024 18:00:14 +0900
From: Akinobu Mita <akinobu.mita@...il.com>
To: Breno Leitao <leitao@...ian.org>
Cc: akpm@...ux-foundation.org, leit@...a.com, 
	open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fault-injection: Enhance failcmd to exit on non-hex
 address input

On Fri, Jul 26, 2024 at 19:50, Breno Leitao <leitao@...ian.org> wrote:
>
> The failcmd.sh script in the fault-injection toolkit does not currently
> validate whether the provided address is in hexadecimal format. This can
> lead to silent failures if the address is sourced from places like
> `/proc/kallsyms`, which omits the '0x' prefix, potentially causing users
> to operate under incorrect assumptions.
>
> Introduce a new function, `exit_if_not_hex`, which checks the format of
> the provided address and exits with an error message if the address is
> not a valid hexadecimal number.
>
> This enhancement prevents users from running the command with
> improperly formatted addresses, thus improving the robustness and
> usability of the failcmd tool.
>
> Signed-off-by: Breno Leitao <leitao@...ian.org>
> ---
>  tools/testing/fault-injection/failcmd.sh | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>  mode change 100644 => 100755 tools/testing/fault-injection/failcmd.sh
>
> diff --git a/tools/testing/fault-injection/failcmd.sh b/tools/testing/fault-injection/failcmd.sh
> old mode 100644
> new mode 100755
> index 78dac34264be..234d49fc49d9
> --- a/tools/testing/fault-injection/failcmd.sh
> +++ b/tools/testing/fault-injection/failcmd.sh
> @@ -64,6 +64,14 @@ ENVIRONMENT
>  EOF
>  }
>
> +exit_if_not_hex() {
> +    local value="$1"
> +    if ! [[ $value =~ ^0x[0-9a-fA-F]+$ ]]; then
> +        echo "Error: The provided value '$value' is not a valid hexadecimal number."

It is better to write error messages to standard error rather than
standard output.

Other than that I think it's good.

> +        exit 1
> +    fi
> +}
> +
>  if [ $UID != 0 ]; then
>         echo must be run as root >&2
>         exit 1
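
Review bot: the error `echo` in `exit_if_not_hex` writes to standard output, while the root check a few lines below it in this hunk already uses `>&2`; append `>&2` so the message is not lost when the output of failcmd.sh is piped or captured. The message also says the value is "not a valid hexadecimal number", but the pattern `^0x[0-9a-fA-F]+$` additionally requires the `0x` prefix, so a bare hex address (the `/proc/kallsyms` case named in the commit message) is rejected with a misleading explanation; state that a 0x-prefixed hexadecimal value is expected.
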
> @@ -160,18 +168,22 @@ while true; do
>                 shift 2
>                 ;;
>         --require-start)
> +               exit_if_not_hex "$2"
>                 echo $2 > $FAULTATTR/require-start
>                 shift 2
>                 ;;
>         --require-end)
> +               exit_if_not_hex "$2"
>                 echo $2 > $FAULTATTR/require-end
>                 shift 2
>                 ;;
>         --reject-start)
> +               exit_if_not_hex "$2"
>                 echo $2 > $FAULTATTR/reject-start
>                 shift 2
>                 ;;
>         --reject-end)
> +               exit_if_not_hex "$2"
>                 echo $2 > $FAULTATTR/reject-end
>                 shift 2
>                 ;;
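
Review bot: the four new `exit_if_not_hex "$2"` calls produce the same error text for `--require-start`, `--require-end`, `--reject-start` and `--reject-end`, so a user passing several of them cannot tell which one was rejected; pass the option name as a second argument and include it in the message. The call quotes `"$2"` while the following `echo $2 > $FAULTATTR/...` lines leave it unquoted, which is harmless once the regex has matched but would read more consistently if quoted as well.
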
> --
> 2.43.0
>
