lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20241021193223.GA834839@lichtman.org>
Date: Mon, 21 Oct 2024 19:32:23 +0000
From: Nir Lichtman <nir@...htman.org>
To: Doug Anderson <dianders@...omium.org>
Cc: jason.wessel@...driver.com, daniel.thompson@...aro.org,
	kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	Yuran Pereira <yuran.pereira@...mail.com>
Subject: Re: [PATCH v2] KDB: Fix incorrect treatment of numbers in the CLI

On Mon, Oct 21, 2024 at 10:14:15AM -0700, Doug Anderson wrote:
> Hi,
> 
> On Sat, Oct 19, 2024 at 1:42 PM Nir Lichtman <nir@...htman.org> wrote:
> >
> > Problem: In many cases, KDB treats invalid commands as numbers and
> > instead of printing a usage error, goes ahead and just prints the number
> > in hex
> >
> > Example: This can be demonstrated when typing for example "aaazzz", this
> > confuses KDB into thinking this is the hexadecimal 0xAAA
> >
> > Solution: Transition to using kstrtoul instead of simple_strtoul.
> > This function is more strict with what it treats as a number
> > and thus solves the issue.
> > (also better practice as stated in the definition of simple_strtoul).
> >
> > v2: Removed redundant if condition I put in v1
> >
> > Signed-off-by: Nir Lichtman <nir@...htman.org>
> > ---
> >  kernel/debug/kdb/kdb_main.c | 7 ++-----
> >  1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
> > index f5f7d7fb5936..4cbd5cd26821 100644
> > --- a/kernel/debug/kdb/kdb_main.c
> > +++ b/kernel/debug/kdb/kdb_main.c
> > @@ -402,18 +402,15 @@ static void kdb_printenv(void)
> >   */
> >  int kdbgetularg(const char *arg, unsigned long *value)
> >  {
> > -       char *endp;
> >         unsigned long val;
> >
> > -       val = simple_strtoul(arg, &endp, 0);
> >
> > -       if (endp == arg) {
> > +       if (kstrtoul(arg, 0, &val) != 0) {
> >                 /*
> >                  * Also try base 16, for us folks too lazy to type the
> >                  * leading 0x...
> >                  */
> > -               val = simple_strtoul(arg, &endp, 16);
> > -               if (endp == arg)
> > +               if (kstrtoul(arg, 16, &val) != 0)
> 
> Instead of just fixing the one case, do you want to just take over the
> old patch series that tried to do a more complete job:
> 
> https://lore.kernel.org/r/GV1PR10MB6563E0F8DB2D335BD9CFE4D3E8B4A@GV1PR10MB6563.EURPRD10.PROD.OUTLOOK.COM/
> 
> I think in general that series looked good but just had a few nits on
> it, but the author (Yuran Pereira) never followed up with a v2. You
> could take that series, fix the nits, add your signed-off-by, and post
> a v2?
> 
> -Doug

Interesting, will take a look.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ