| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aYWbcFb73qO16tEC@smile.fi.intel.com> Date: Fri, 6 Feb 2026 09:42:40 +0200 From: Andy Shevchenko <andriy.shevchenko@...el.com> To: David Laight <david.laight.linux@...il.com> Cc: Dmitry Antipov <dmantipov@...dex.ru>, Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>, "Darrick J . Wong" <djwong@...nel.org>, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v5 1/5] lib: fix _parse_integer_limit() to handle overflow On Thu, Feb 05, 2026 at 10:15:37PM +0000, David Laight wrote: > On Wed, 4 Feb 2026 16:57:13 +0300 > Dmitry Antipov <dmantipov@...dex.ru> wrote: ... > Although I wonder whether strtoul() (etc) should stop 'eating' input > when the value would overflow Definitely no stop condition. The idea behind simple_strto*() in the kernel is that they will help to parse combined strings (several fields in one *constant* string), not eating the extra "valid" characters (digits) will be a disaster in a couple of aspects. > and return a pointer to the digit that caused the error. No. > Code looking at the terminating character wont be expecting a digit > and will treat it as a syntax error - which is what you are trying to do. > > That is a much easier API to use, and a 'drop-in' for existing code. Maybe, but problematic from the usage point of view as I described above. -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists