lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260115163650.118910-13-wander@redhat.com>
Date: Thu, 15 Jan 2026 13:31:55 -0300
From: Wander Lairson Costa <wander@...hat.com>
To: Steven Rostedt <rostedt@...dmis.org>,
	Tomas Glozar <tglozar@...hat.com>,
	Wander Lairson Costa <wander@...hat.com>,
	Crystal Wood <crwood@...hat.com>,
	Ivan Pravdin <ipravdin.official@...il.com>,
	Costa Shulyupin <costa.shul@...hat.com>,
	John Kacur <jkacur@...hat.com>,
	Tiezhu Yang <yangtiezhu@...ngson.cn>,
	Daniel Wagner <dwagner@...e.de>,
	Daniel Bristot de Oliveira <bristot@...nel.org>,
	linux-trace-kernel@...r.kernel.org (open list:Real-time Linux Analysis (RTLA) tools),
	linux-kernel@...r.kernel.org (open list:Real-time Linux Analysis (RTLA) tools),
	bpf@...r.kernel.org (open list:BPF [MISC]:Keyword:(?:\b|_)bpf(?:\b|_))
Subject: [PATCH v3 12/18] rtla: Enforce exact match for time unit suffixes

The parse_ns_duration() function currently uses prefix matching for
detecting time units. This approach is problematic as it silently
accepts malformed strings such as "100nsx" or "100us_invalid" by
ignoring the trailing characters, leading to potential configuration
errors.

Switch to using strcmp() for suffix comparison to enforce exact matches.
This ensures that the parser strictly validates the time unit and
rejects any input containing invalid trailing characters, thereby
improving the robustness of the configuration parsing.

Signed-off-by: Wander Lairson Costa <wander@...hat.com>
---
 tools/tracing/rtla/src/utils.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/tracing/rtla/src/utils.c b/tools/tracing/rtla/src/utils.c
index 486d96e8290fb..b029fe5970c31 100644
--- a/tools/tracing/rtla/src/utils.c
+++ b/tools/tracing/rtla/src/utils.c
@@ -211,15 +211,15 @@ long parse_ns_duration(char *val)
 	t = strtol(val, &end, 10);
 
 	if (end) {
-		if (!strncmp(end, "ns", 2)) {
+		if (strcmp(end, "ns") == 0) {
 			return t;
-		} else if (!strncmp(end, "us", 2)) {
+		} else if (strcmp(end, "us") == 0) {
 			t *= 1000;
 			return t;
-		} else if (!strncmp(end, "ms", 2)) {
+		} else if (strcmp(end, "ms") == 0) {
 			t *= 1000 * 1000;
 			return t;
-		} else if (!strncmp(end, "s", 1)) {
+		} else if (strcmp(end, "s") == 0) {
 			t *= 1000 * 1000 * 1000;
 			return t;
 		}
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ