| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f4fcc669-25fc-47ee-9d7b-610be91d99ce@nfschina.com> Date: Sat, 31 May 2025 07:17:25 +0800 From: Su Hui <suhui@...china.com> To: Jeffrey E Altman <jaltman@...istor.com>, dhowells@...hat.com, marc.dionne@...istor.com Cc: linux-afs@...ts.infradead.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [PATCH] afs: Replace simple_strtoul with kstrtoul in afs_parse_address On 5/30/25 8:43 PM, Jeffrey E Altman wrote: > On 5/30/2025 6:29 AM, Su Hui wrote: >> On 5/30/25 7:35 AM, Jeffrey E Altman wrote: >>> >>> Do you see an overflow condition which would not be caught by those >>> checks which would be caught by use of kstrtoul()? >> Actually, no example in reality. >> If p can equal to '0xffffffffffffffff0000000000000001', >> simple_strtoul() and kstroul() all transform 'p' to unsigned long >> value '0x1'. >> But kstrtoul() return an error and we can know overflow happens. If >> 'p' can be a very long string, kstroul() make sense. >> > The expected use case is for the input string not to exceed 3 > characters. The valid range is decimal 0 to 128. That could be > enforced by switching to simple_strntoul() and relying upon the > existing checks. Got it, thanks for your reply and sorry for the noise. Su Hui
Powered by blists - more mailing lists