Message-Id: <6DB96B06-108C-465B-9A54-88B8008DDD60@linux.dev>
Date: Thu, 23 Oct 2025 17:35:00 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Jack Xu <jack.xu@...el.com>,
Suman Kumar Chakraborty <suman.kumar.chakraborty@...el.com>,
Qianfeng Rong <rongqianfeng@...o.com>,
qat-linux@...el.com,
linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] crypto: qat - use strscpy_pad to simplify buffer initialization
On 22. Oct 2025, at 20:17, Andy Shevchenko wrote:
> On Wed, Oct 22, 2025 at 02:36:19PM +0200, Thorsten Blum wrote:
>> Use strscpy_pad() to copy the string and zero-pad the destination buffer
>> in a single step instead of zero-initializing the buffer first and then
>> immediately overwriting it using strscpy().
>>
>> Replace the magic number 16 with sizeof(buf) and remove the redundant
>> parentheses around kstrtoul() while we're at it.
>
> I understand that you focused on strscpy*() conversions, but the below I think
> needs a bigger refactoring, see my remarks.
>
> ...
>
>> - char buf[16] = {0};
>> + char buf[16] = {};
Sorry, this should have been just 'char buf[16];' since {} and {0} are
equivalent and both zero-initialize the array.
>> unsigned long ae = 0;
>> int i;
>>
>> - strscpy(buf, str, sizeof(buf));
>> - for (i = 0; i < 16; i++) {
>> + strscpy_pad(buf, str);
>
> First of all, why do we need a _pad() version here? Is the data somehow being
> used as a whole?
I honestly didn't question this, but it looks like strscpy() would be
sufficient (with this approach at least).
>> + for (i = 0; i < sizeof(buf); i++) {
>> if (!isdigit(buf[i])) {
>> buf[i] = '\0';
>> break;
>> }
>> }
>> - if ((kstrtoul(buf, 10, &ae)))
>> + if (kstrtoul(buf, 10, &ae))
>> return -EFAULT;
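Review bot: -EFAULT on a kstrtoul() failure is the wrong errno for this line; EFAULT means a bad user address, whereas a string that does not parse as a number is -EINVAL, and since the line is being touched anyway the conversion is the place to fix it (and to say so in the commit message). In the loop above, `i` is declared `int` but compared against `sizeof(buf)`, which is a `size_t`; declaring `i` as `size_t` (or `unsigned int`) keeps the comparison signedness-clean.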
>
> Looking at this, it tries to work around the kstrtoul() inability to perform
> partial parses. Instead, this should do something like
>
> unsigned long long x;
> const char *end;
>
> simple_strtoull(...);
> if (x > UINT_MAX || end == buf)
> return $ERR; // wrong input / overflow
How about this?
diff --git a/drivers/crypto/intel/qat/qat_common/qat_uclo.c b/drivers/crypto/intel/qat/qat_common/qat_uclo.c
index 18c3e4416dc5..04628dc01456 100644
--- a/drivers/crypto/intel/qat/qat_common/qat_uclo.c
+++ b/drivers/crypto/intel/qat/qat_common/qat_uclo.c
@@ -200,20 +200,12 @@ qat_uclo_cleanup_batch_init_list(struct icp_qat_fw_loader_handle *handle,
static int qat_uclo_parse_num(char *str, unsigned int *num)
{
- char buf[16] = {0};
- unsigned long ae = 0;
- int i;
-
- strscpy(buf, str, sizeof(buf));
- for (i = 0; i < 16; i++) {
- if (!isdigit(buf[i])) {
- buf[i] = '\0';
- break;
- }
- }
- if ((kstrtoul(buf, 10, &ae)))
- return -EFAULT;
+ unsigned long long ae;
+ char *end;
+ ae = simple_strtoull(str, &end, 10);
+ if (ae > UINT_MAX || str == end || (end - str) > 20)
+ return -EINVAL;
*num = (unsigned int)ae;
return 0;
}
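Review bot: the `(end - str) > 20` guard does not make the `ae > UINT_MAX` comparison safe, because simple_strtoull() gives the caller no overflow indication: a 20-digit input such as 18446744073709551616 (2^64) passes the length check while the accumulated value wraps to 0, so the function returns 0 with *num = 0 for plainly invalid input. Since the result has to fit an unsigned int, bound the digit count to the 10 digits of UINT_MAX (4294967295) instead; the value can then never wrap, and the 20 stops being a magic number. Two smaller points: the errno changes from -EFAULT to -EINVAL, which is the right value for a parse failure but deserves a sentence in the commit message, and coding style wants a blank line between the declarations and `ae = simple_strtoull(str, &end, 10);` (or initialise `ae` at its declaration); `str` could also become `const char *` now that it is no longer copied.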
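As an added illustration of the bounds check discussed in this thread (not code from the patch or from the QAT driver): a userspace stand-in for simple_strtoull() that, like the kernel helper, stops at the first non-digit and reports no overflow, placed beside the check from the proposed diff and beside a variant that bounds the digit count by the width of the target type. The helper `fake_simple_strtoull`, the `UINT_MAX_DIGITS` limit and the sample inputs are constructed for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/*
 * Userspace stand-in for the kernel's simple_strtoull() restricted to base
 * 10 (an assumption about the kernel helper made for this example, not the
 * kernel's own code): consume leading decimal digits, point *end at the
 * first non-digit, and accumulate with silent unsigned wrap-around, so the
 * caller gets no overflow indication.
 */
static unsigned long long fake_simple_strtoull(const char *str, char **end)
{
    unsigned long long res = 0;
    const char *p = str;

    while (*p >= '0' && *p <= '9') {
        res = res * 10 + (unsigned long long)(*p - '0'); /* wraps past 2^64 */
        p++;
    }
    if (end)
        *end = (char *)p;
    return res;
}

/* The check as proposed in the diff above: bounded by value and by 20 digits. */
int parse_num_proposed(char *str, unsigned int *num)
{
    unsigned long long ae;
    char *end;

    ae = fake_simple_strtoull(str, &end);
    if (ae > UINT_MAX || str == end || (end - str) > 20)
        return -EINVAL;
    *num = (unsigned int)ae;
    return 0;
}

/*
 * Digit-bounded variant: UINT_MAX (4294967295) has 10 digits, so refusing
 * anything longer guarantees the accumulated value stays far below 2^64 and
 * the UINT_MAX comparison is meaningful for every accepted input. Leading
 * zeros count against the budget; that is the trade-off of this approach.
 */
#define UINT_MAX_DIGITS 10

int parse_num_bounded(const char *str, unsigned int *num)
{
    unsigned long long ae;
    char *end;

    ae = fake_simple_strtoull(str, &end);
    if (str == end || (end - str) > UINT_MAX_DIGITS || ae > UINT_MAX)
        return -EINVAL;
    *num = (unsigned int)ae;
    return 0;
}

int main(void)
{
    /* Constructed input: 2^64, exactly 20 digits, so it passes the length check. */
    static char wrap[] = "18446744073709551616";
    unsigned int n = 0;
    int rc;

    rc = parse_num_proposed(wrap, &n);
    printf("proposed: rc=%d num=%u\n", rc, n); /* rc=0 num=0: accepted as 0 */
    rc = parse_num_bounded(wrap, &n);
    printf("bounded:  rc=%d\n", rc);           /* -EINVAL: rejected */
    return 0;
}
```

Compile with any C99 compiler and run: the 20-digit value wraps to 0 and slips through the proposed check as a valid 0, while the digit-bounded version rejects it. The cost is that inputs with leading zeros beyond 10 characters are refused too, which the original 16-byte buffer tolerated; whether that matters depends on what the loader's callers actually pass.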