| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220216222352.GA3432@pc-4.home>
Date: Wed, 16 Feb 2022 23:23:52 +0100
From: Guillaume Nault <gnault@...hat.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: dsahern@...il.com, stephen@...workplumber.org,
netdev@...r.kernel.org
Subject: Re: [RFC iproute2] tos: interpret ToS in natural numeral system
On Wed, Feb 16, 2022 at 11:42:05AM -0800, Jakub Kicinski wrote:
> Silently forcing a base numeral system is very painful for users.
> ip currently interprets tos 10 as 0x10. Imagine user's bash script
> does:
>
> .. tos $((TOS * 2)) ..
>
> or any numerical operation on the ToS.
>
> This patch breaks existing scripts if they expect 10 to be 0x10.
I agree that we shouldn't have forced base 16 in the first place.
But after so many years I find it a bit dangerous to change that.
What about just printing a warning when the value isn't prefixed with
'0x'? Something like (completely untested):
@@ -535,6 +535,12 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
if (!end || end == arg || *end || res > 255)
return -1;
*id = res;
+
+ if (strncmp("0x", arg, 2))
+ fprintf(stderr,
+ "Warning: dsfield and tos parameters are interpreted as hexadecimal values\n"
+ "Use 'dsfield 0x%02x' to avoid this message\n", res);
+
return 0;
}
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
> --
> I get the feeling this was discussed in the past.
>
> Also there's more:
>
> devlink/devlink.c: val = strtoull(str, &endptr, 10);
> devlink/devlink.c: val = strtoul(str, &endptr, 10);
> devlink/devlink.c: val = strtoul(str, &endptr, 10);
> devlink/devlink.c: val = strtoul(str, &endptr, 10);
> lib/utils.c: res = strtoul(arg, &ptr, base);
> lib/utils.c: n = strtoul(cp, &endp, 16);
> lib/utils.c: tmp = strtoul(tmpstr, &endptr, 16);
> lib/utils.c: tmp = strtoul(arg + i * 3, &endptr, 16);
> misc/lnstat_util.c: unsigned long f = strtoul(ptr, &ptr, 16);
> tc/f_u32.c: htid = strtoul(str, &tmp, 16);
> tc/f_u32.c: hash = strtoul(str, &tmp, 16);
> tc/f_u32.c: nodeid = strtoul(str, &tmp, 16);
> tc/tc_util.c: maj = strtoul(str, &p, 16);
> tc/tc_util.c: maj = strtoul(str, &p, 16);
> tc/tc_util.c: min = strtoul(str, &p, 16);
After a very quick look, many of these seem to make sense though. For
example lnstat_util.c parses output from /proc, hexstring_a2n() is used
by ipmacsec.c to parse crypto keys, etc.
But I agree that we should probably audit the strtol() (and variants)
that don't use base 0.
> ---
> lib/rt_names.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/rt_names.c b/lib/rt_names.c
> index b976471d7979..7eb63dad7d4d 100644
> --- a/lib/rt_names.c
> +++ b/lib/rt_names.c
> @@ -531,7 +531,7 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
> }
> }
>
> - res = strtoul(arg, &end, 16);
> + res = strtoul(arg, &end, 0);
> if (!end || end == arg || *end || res > 255)
> return -1;
> *id = res;
> --
> 2.34.1
>
Powered by blists - more mailing lists