| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Nov 2020 17:23:42 -0800
From: Richard Cochran <richardcochran@...il.com>
To: min.li.xe@...esas.com
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 net] ptp: clockmatrix: bug fix for idtcm_strverscmp
On Mon, Nov 23, 2020 at 03:20:06PM -0500, min.li.xe@...esas.com wrote:
> From: Min Li <min.li.xe@...esas.com>
>
> Feed kstrtou8 with NULL terminated string.
>
> Changes since v1:
> -Use strscpy instead of strncpy for safety.
>
> Signed-off-by: Min Li <min.li.xe@...esas.com>
> ---
> drivers/ptp/ptp_clockmatrix.c | 60 ++++++++++++++++++++++++++++++-------------
> tools/bpf/example | 12 +++++++++
> tools/bpf/novlan | 7 +++++
> 3 files changed, 61 insertions(+), 18 deletions(-)
> create mode 100644 tools/bpf/example
> create mode 100644 tools/bpf/novlan
>
> diff --git a/drivers/ptp/ptp_clockmatrix.c b/drivers/ptp/ptp_clockmatrix.c
> index e020faf..d4e434b 100644
> --- a/drivers/ptp/ptp_clockmatrix.c
> +++ b/drivers/ptp/ptp_clockmatrix.c
> @@ -103,42 +103,66 @@ static int timespec_to_char_array(struct timespec64 const *ts,
> return 0;
> }
>
> -static int idtcm_strverscmp(const char *ver1, const char *ver2)
> +static int idtcm_strverscmp(const char *version1, const char *version2)
> {
> u8 num1;
> u8 num2;
> int result = 0;
> + char ver1[16];
> + char ver2[16];
> + char *cur1;
> + char *cur2;
> + char *next1;
> + char *next2;
> +
> + if (strscpy(ver1, version1, 16) < 0 ||
> + strscpy(ver2, version2, 16) < 0)
> + return -1;
> + cur1 = ver1;
> + cur2 = ver2;
>
> /* loop through each level of the version string */
> while (result == 0) {
> + next1 = strchr(cur1, '.');
> + next2 = strchr(cur2, '.');
> +
> + /* kstrtou8 could fail for dot */
> + if (next1) {
> + *next1 = '\0';
> + next1++;
> + }
> +
> + if (next2) {
> + *next2 = '\0';
> + next2++;
> + }
> +
All of this looping and ad-hoc string parsing can be make MUCH
simpler by using sscanf() and then comparing the binary values
directly.
> /* extract leading version numbers */
> - if (kstrtou8(ver1, 10, &num1) < 0)
> + if (kstrtou8(cur1, 10, &num1) < 0)
> return -1;
>
> - if (kstrtou8(ver2, 10, &num2) < 0)
> + if (kstrtou8(cur2, 10, &num2) < 0)
> return -1;
>
> /* if numbers differ, then set the result */
> if (num1 < num2)
> + return -1;
> + if (num1 > num2)
> + return 1;
> +
> + /* if numbers are the same, go to next level */
> + if (!next1 && !next2)
> + break;
> + else if (!next1) {
> result = -1;
> - else if (num1 > num2)
> + } else if (!next2) {
> result = 1;
> - else {
> - /* if numbers are the same, go to next level */
> - ver1 = strchr(ver1, '.');
> - ver2 = strchr(ver2, '.');
> - if (!ver1 && !ver2)
> - break;
> - else if (!ver1)
> - result = -1;
> - else if (!ver2)
> - result = 1;
> - else {
> - ver1++;
> - ver2++;
> - }
> + } else {
> + cur1 = next1;
> + cur2 = next2;
> }
> }
> +
> return result;
> }
>
> diff --git a/tools/bpf/example b/tools/bpf/example
> new file mode 100644
> index 0000000..a0ac81f
> --- /dev/null
> +++ b/tools/bpf/example
> @@ -0,0 +1,12 @@
> + ldh [12]
> + jne #0x8100, nonvlan
> + ldh [16]
> + jne #0x88f7, bad
> + ldb [18]
> + ja test
> + nonvlan: jne #0x88f7, bad
> + ldb [14]
> + test: and #0x8
> + jeq #0, bad
> + good: ret #1500
> + bad: ret #0
Looks like this hunk and the next got included by mistake.
Thanks,
Richard
> diff --git a/tools/bpf/novlan b/tools/bpf/novlan
> new file mode 100644
> index 0000000..fe35288
> --- /dev/null
> +++ b/tools/bpf/novlan
> @@ -0,0 +1,7 @@
> + ldh [12]
> + jne #0x88f7, bad
> + ldb [14]
> + and #0x8
> + jeq #0, bad
> + good: ret #1500
> + bad: ret #0
> --
> 2.7.4
>
Powered by blists - more mailing lists