lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20170120174114.183f6e81@griffin>
Date:   Fri, 20 Jan 2017 17:41:14 +0100
From:   Jiri Benc <jbenc@...hat.com>
To:     David Laight <David.Laight@...LAB.COM>
Cc:     Paul Blakey <paulb@...lanox.com>,
        Stephen Hemminger <stephen@...workplumber.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Jiri Pirko <jiri@...lanox.com>,
        Or Gerlitz <ogerlitz@...lanox.com>,
        Roi Dayan <roid@...lanox.com>,
        Simon Horman <simon.horman@...ronome.com>
Subject: Re: [PATCH net-next V4] tc: flower: Refactor matching flags to be
 more user friendly

On Fri, 20 Jan 2017 12:27:42 +0000, David Laight wrote:
> Consider what happened with "no", "nofubar" and "nofubar_baz",
> all ought to be rejected.

Why? "no" translates to "", "nofubar" to "fubar", etc. And those will
be evaluated the same way as if they were supplied without the "no".
I don't see a problem with this.

> Actually using strncmp() is also overkill.

Why? It compares two bytes. There's an extra null at the end of the
"no" string but I wouldn't call that "overkill".

> Nothing wrong with:
> 	if (token[0] == 'n' && token[1] == 'o' && token[2]) {

Except that strncmp is easier to understand and cleaner.

> 		no = true;
> 		token += 2;
> 		if (token[0] == '_' && token[1])
> 			token++;

This doesn't make sense. The intent was not to allow both "nofrag" and
"no_frag". The code in the patch treats "no_frag" as invalid and that's
okay.

> 		...
> 
> or replace the last 3 lines with:
> 		token += 2 + (token[2] == '_' & token[3]);

That's horribly ugly. Anyone looking at this will spent 2 minutes
trying to untangle the code instead of the 2 seconds with the current
code. We're not trying to win the Obfuscated C Contest here.

 Jiri

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ