Message-ID: <CAD=FV=UpKjTe78vexUXFThPXtx1KjhfR_u+1hpQpkh8ei-F5aA@mail.gmail.com>
Date: Mon, 21 Oct 2024 10:14:15 -0700
From: Doug Anderson <dianders@...omium.org>
To: Nir Lichtman <nir@...htman.org>
Cc: jason.wessel@...driver.com, daniel.thompson@...aro.org, 
	kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org, 
	Yuran Pereira <yuran.pereira@...mail.com>
Subject: Re: [PATCH v2] KDB: Fix incorrect treatment of numbers in the CLI

Hi,

On Sat, Oct 19, 2024 at 1:42 PM Nir Lichtman <nir@...htman.org> wrote:
>
> Problem: In many cases, KDB treats invalid commands as numbers and
> instead of printing a usage error, goes ahead and just prints the number
> in hex
>
> Example: This can be demonstrated when typing for example "aaazzz", this
> confuses KDB into thinking this is the hexadecimal 0xAAA
>
> Solution: Transition to using kstrtoul instead of simple_strtoul.
> This function is more strict with what it treats as a number
> and thus solves the issue.
> (also better practice as stated in the definition of simple_strtoul).
>
> v2: Removed redundant if condition I put in v1
>
> Signed-off-by: Nir Lichtman <nir@...htman.org>
> ---
>  kernel/debug/kdb/kdb_main.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
> index f5f7d7fb5936..4cbd5cd26821 100644
> --- a/kernel/debug/kdb/kdb_main.c
> +++ b/kernel/debug/kdb/kdb_main.c
> @@ -402,18 +402,15 @@ static void kdb_printenv(void)
>   */
>  int kdbgetularg(const char *arg, unsigned long *value)
>  {
> -       char *endp;
>         unsigned long val;
>
> -       val = simple_strtoul(arg, &endp, 0);
>
> -       if (endp == arg) {
> +       if (kstrtoul(arg, 0, &val) != 0) {
>                 /*
>                  * Also try base 16, for us folks too lazy to type the
>                  * leading 0x...
>                  */
> -               val = simple_strtoul(arg, &endp, 16);
> -               if (endp == arg)
> +               if (kstrtoul(arg, 16, &val) != 0)
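
Review bot: both kstrtoul() calls in kdbgetularg() reject any trailing characters, so the stricter parsing applies to every caller of this function, not only to the mistyped-command case in the commit message. The commit message should say which callers were checked for arguments that relied on simple_strtoul() stopping at the first non-digit. Style nit in the same hunk: deleting "val = simple_strtoul(arg, &endp, 0);" leaves two consecutive blank lines after the "unsigned long val;" declaration, so one of them should be dropped.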

Instead of just fixing the one case, do you want to just take over the
old patch series that tried to do a more complete job:

https://lore.kernel.org/r/GV1PR10MB6563E0F8DB2D335BD9CFE4D3E8B4A@GV1PR10MB6563.EURPRD10.PROD.OUTLOOK.COM/

I think in general that series looked good but just had a few nits on
it, but the author (Yuran Pereira) never followed up with a v2. You
could take that series, fix the nits, add your signed-off-by, and post
a v2?

-Doug
