| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <173105511502.10030.8958584403113767756.b4-ty@linaro.org>
Date: Fri, 08 Nov 2024 08:38:35 +0000
From: Daniel Thompson <daniel.thompson@...aro.org>
To: kgdb-bugreport@...ts.sourceforge.net,
linux-trace-kernel@...r.kernel.org, Nir Lichtman <nir@...htman.org>
Cc: yuran.pereira@...mail.com, jason.wessel@...driver.com,
dianders@...omium.org, rostedt@...dmis.org, mhiramat@...nel.org,
linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH v4 0/3] Replace the use of simple_strtol/ul functions
with kstrto
On Mon, 28 Oct 2024 19:17:00 +0000, Nir Lichtman wrote:
> The simple_str* family of functions perform no error checking in
> scenarios where the input value overflows the intended output variable.
> This results in these function successfully returning even when the
> output does not match the input string.
>
> Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
> simple_strtoul(), and simple_strtoull() functions explicitly ignore
> overflows, which may lead to unexpected results in callers."
> Hence, the use of those functions is discouraged.
>
> [...]
Applied, thanks!
[1/3] kdb: Replace the use of simple_strto with safer kstrto in kdb_main
commit: fe0c87871fc0b97f6d374b670c81f7c4087eebc5
[2/3] trace: kdb: Replace simple_strtoul with kstrtoul in kdb_ftdump
commit: c56642c737fc0bd9bcc3a22a2bf8ed6f5900a660
[3/3] kdb: Remove fallback interpretation of arbitrary numbers as hex
commit: 5f4ca702e36893a276fccb0aa55ab36e19dfbb50
Best regards,
--
Daniel Thompson <daniel.thompson@...aro.org>
Powered by blists - more mailing lists