lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu,  6 Feb 2014 13:59:01 +0100 (CET)
From:	Michal Kubecek <mkubecek@...e.cz>
To:	Stephen Hemminger <stephen@...workplumber.org>
Cc:	netdev@...r.kernel.org
Subject: [PATCH iproute2 net-next-for-3.13] iplink_bond: fix parameter value
 matching

Lookup function get_index() compares argument with table entries
only up to the length of the table entry so that if an entry
with lower index is a substring of a later one, earlier entry is
used even if the argument is equal to the other. For example,

  ip link set bond0 type bond xmit_hash_policy layer2+3

sets xmit_hash_policy to 0 (layer2) as this is found before
"layer2+3" can be checked.

I believe the reason for using strncmp() rather than simple
strcmp() was to allow abbreviations which means maximum length
for comparison should be length of the string looked up.
However, this would cause a problem if shorter value follows
longer one and shorter one is entered (there is no such case now
but it might happen in the future). So let's try to find an
exact match first and only if none is found, do a second pass
with checking for abbreviated values.

Fixes: 63d127b0 ("iproute2: finish support for bonding attributes")
Signed-off-by: Michal Kubecek <mkubecek@...e.cz>
---
 ip/iplink_bond.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c
index f22151e..4cd6843 100644
--- a/ip/iplink_bond.c
+++ b/ip/iplink_bond.c
@@ -105,8 +105,14 @@ static int get_index(const char **tbl, char *name)
 			if (i == index)
 				return i;
 
+	/* first check for an exact match */
 	for (i = 0; tbl[i]; i++)
-		if (strncmp(tbl[i], name, strlen(tbl[i])) == 0)
+		if (strcmp(tbl[i], name) == 0)
+			return i;
+
+	/* no exact match, try to interpret as an abbreviation */
+	for (i = 0; tbl[i]; i++)
+		if (strncmp(tbl[i], name, strlen(name)) == 0)
 			return i;
 
 	return -1;
-- 
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ