lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20110722205153.GP21309@gospo.rdu.redhat.com>
Date:	Fri, 22 Jul 2011 16:51:54 -0400
From:	Andy Gospodarek <andy@...yhouse.net>
To:	Jay Vosburgh <fubar@...ibm.com>
Cc:	Vitalii Demianets <vitas@...factor.kiev.ua>,
	Andy Gospodarek <andy@...yhouse.net>, netdev@...r.kernel.org,
	Takuma Umeya <tumeya@...hat.com>
Subject: Re: [PATCH net-next v2] bonding: fix strlen errors in sysfs

On Thu, Jul 14, 2011 at 09:02:06AM -0700, Jay Vosburgh wrote:
> Vitalii Demianets <vitas@...factor.kiev.ua> wrote:
> 
> >On Thursday 14 July 2011 04:57:45 Andy Gospodarek wrote:
> >> -			if (strnicmp
> >> -			    (slave->dev->name, buf,
> >> -			     strlen(slave->dev->name)) == 0) {
> >> +			int max_len = max(strlen(slave->dev->name),
> >> +					  strlen(buf) - 1);
> >> +			if (strnicmp(slave->dev->name, buf, max_len) == 0) {
> >
> >As for me there is no sense in preventing "address out of range" errors in  
> >strnicmp by calculating length with strlen first. If there is missing \0 at 
> >the end of the string you just shift failure point from stricmp to the strlen 
> >function call.
> >IMHO "maximum length" argument in strnicmp should be some appropriate constant 
> >instead. Alternatively we can use count:
> 
> 	I agree about using a constant, and I nominate IFNAMSIZ for that
> constant.
> 

A constant like IFNAMSIZ can work, but only if buf has the '\n' removed
from the string that is added by echo or other command first.

> 	Also, should we really be using strnicmp?  I.e., case
> insensitive?  Aren't interface names case sensitive?

Probably not.

I'll roll a patch next week that drops the newline and uses IFNAMSIZ if
that is the preference.  I didn't think it was worth the trouble
initially, so I didn't do it that way the first time.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ