lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <173105511502.10030.8958584403113767756.b4-ty@linaro.org>
Date: Fri, 08 Nov 2024 08:38:35 +0000
From: Daniel Thompson <daniel.thompson@...aro.org>
To: kgdb-bugreport@...ts.sourceforge.net, 
 linux-trace-kernel@...r.kernel.org, Nir Lichtman <nir@...htman.org>
Cc: yuran.pereira@...mail.com, jason.wessel@...driver.com, 
 dianders@...omium.org, rostedt@...dmis.org, mhiramat@...nel.org, 
 linux-kernel@...r.kernel.org, 
 linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH v4 0/3] Replace the use of simple_strtol/ul functions
 with kstrto


On Mon, 28 Oct 2024 19:17:00 +0000, Nir Lichtman wrote:
> The simple_str* family of functions perform no error checking in
> scenarios where the input value overflows the intended output variable.
> This results in these function successfully returning even when the
> output does not match the input string.
> 
> Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
> simple_strtoul(), and simple_strtoull() functions explicitly ignore
> overflows, which may lead to unexpected results in callers."
> Hence, the use of those functions is discouraged.
> 
> [...]

Applied, thanks!

[1/3] kdb: Replace the use of simple_strto with safer kstrto in kdb_main
      commit: fe0c87871fc0b97f6d374b670c81f7c4087eebc5
[2/3] trace: kdb: Replace simple_strtoul with kstrtoul in kdb_ftdump
      commit: c56642c737fc0bd9bcc3a22a2bf8ed6f5900a660
[3/3] kdb: Remove fallback interpretation of arbitrary numbers as hex
      commit: 5f4ca702e36893a276fccb0aa55ab36e19dfbb50

Best regards,
-- 
Daniel Thompson <daniel.thompson@...aro.org>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ