| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241026144724.GA892311@lichtman.org> Date: Sat, 26 Oct 2024 14:47:24 +0000 From: Nir Lichtman <nir@...htman.org> To: kgdb-bugreport@...ts.sourceforge.net, linux-trace-kernel@...r.kernel.org Cc: yuran.pereira@...mail.com, jason.wessel@...driver.com, daniel.thompson@...aro.org, dianders@...omium.org, rostedt@...dmis.org, mhiramat@...nel.org, linux-kernel@...r.kernel.org, linux-kernel-mentees@...ts.linuxfoundation.org Subject: [PATCH v3 0/2] Replace the use of simple_strtol/ul functions with kstrto The simple_str* family of functions perform no error checking in scenarios where the input value overflows the intended output variable. This results in these function successfully returning even when the output does not match the input string. Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(), simple_strtoul(), and simple_strtoull() functions explicitly ignore overflows, which may lead to unexpected results in callers." Hence, the use of those functions is discouraged. This patch series replaces uses of the simple_strto* series of function with the safer kstrto* alternatives. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull Yuran Pereira (2): kdb: Replace the use of simple_strto with safer kstrto in kdb_main trace: kdb: Replace simple_strtoul with kstrtoul in kdb_ftdump Nir Lichtman (1): kdb: Remove fallback interpretation of arbitrary numbers as hex This patch is originally based upon https://lore.kernel.org/all/GV1PR10MB65635561FB160078C3744B5FE8B4A@GV1PR10MB6563.EURPRD10.PROD.OUTLOOK.COM/ Since the original thread was left with a review and the comments have not been addressed, decided to continue the minor work left to move this patch forward. v2: - Styling fixes - Fix an invalid conversion to unsigned int instead of signed as it was supposed to be - Fix one of the conversions to return an error in case of failure, instead of silently falling back to a default value - Add Douglas's suggestion for removing the hex interpretation fallback v3: - Split to 3 parts instead of 2 (in which the 3rd part now contains the hex interpretation fix) - Fix the patch series to properly reference the cover - Fix credit tags kernel/debug/kdb/kdb_main.c | 69 +++++++++-------------------------- kernel/trace/trace_kdb.c | 15 +++----- 2 files changed, 23 insertions(+), 61 deletions(-) -- 2.39.2
Powered by blists - more mailing lists