| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af23d217-4053-4a42-8f70-4e214f9623bf@linux.dev>
Date: Tue, 16 Sep 2025 10:16:42 +0800
From: Tao Chen <chen.dylane@...ux.dev>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>, Chris Mason <clm@...a.com>
Cc: qmo@...nel.org, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
kuba@...nel.org, hawk@...nel.org, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v4 1/3] bpftool: Add bpf_token show
在 2025/9/16 00:21, Andrii Nakryiko 写道:
Hi Andrii, Chris,
> On Sat, Sep 13, 2025 at 10:18 AM Chris Mason <clm@...a.com> wrote:
>>
>> On Wed, 23 Jul 2025 22:44:40 +0800 Tao Chen <chen.dylane@...ux.dev> wrote:
>>
>> [ ... ]
>>
>>> diff --git a/tools/bpf/bpftool/token.c b/tools/bpf/bpftool/token.c
>>> new file mode 100644
>>> index 00000000000..6312e662a12
>>> --- /dev/null
>>> +++ b/tools/bpf/bpftool/token.c
>>> @@ -0,0 +1,225 @@
>>
>> [ ... ]
>>
>>> +
>>> +static char *get_delegate_value(const char *opts, const char *key)
>>> +{
>>> + char *token, *rest, *ret = NULL;
>>> + char *opts_copy = strdup(opts);
>>> +
>>> + if (!opts_copy)
>>> + return NULL;
>>> +
>>> + for (token = strtok_r(opts_copy, ",", &rest); token;
>>> + token = strtok_r(NULL, ",", &rest)) {
>>> + if (strncmp(token, key, strlen(key)) == 0 &&
>>> + token[strlen(key)] == '=') {
>>> + ret = token + strlen(key) + 1;
>>> + break;
>>> + }
>>> + }
>>> + free(opts_copy);
>>> +
>>> + return ret;
>>
>> The ret pointer is pointing inside opts_copy, but opts_copy gets freed
>> before returning?
>
> Thanks for the bug report, Chris!
>
> Tao, the fix probably should be something along the lines of:
>
> ret = token + strlen(key) + 1 - opts_copy + opts;
>
> to translate that pointer back into the original string? Can you
> please send a patch?
>
Of course, i will fix it, thanks for the bug report.
>>
>> -chris
--
Best Regards
Tao Chen
Powered by blists - more mailing lists