lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 Feb 2022 23:23:52 +0100
From:   Guillaume Nault <gnault@...hat.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     dsahern@...il.com, stephen@...workplumber.org,
        netdev@...r.kernel.org
Subject: Re: [RFC iproute2] tos: interpret ToS in natural numeral system

On Wed, Feb 16, 2022 at 11:42:05AM -0800, Jakub Kicinski wrote:
> Silently forcing a base numeral system is very painful for users.
> ip currently interprets tos 10 as 0x10. Imagine user's bash script
> does:
> 
>   .. tos $((TOS * 2)) ..
> 
> or any numerical operation on the ToS.
> 
> This patch breaks existing scripts if they expect 10 to be 0x10.

I agree that we shouldn't have forced base 16 in the first place.
But after so many years I find it a bit dangerous to change that.

What about just printing a warning when the value isn't prefixed with
'0x'? Something like (completely untested):

@@ -535,6 +535,12 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
 	if (!end || end == arg || *end || res > 255)
 		return -1;
 	*id = res;
+
+	if (strncmp("0x", arg, 2))
+		fprintf(stderr,
+			"Warning: dsfield and tos parameters are interpreted as hexadecimal values\n"
+			"Use 'dsfield 0x%02x' to avoid this message\n", res);
+
 	return 0;
 }


> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
> --
> I get the feeling this was discussed in the past.
> 
> Also there's more:
> 
> devlink/devlink.c:	val = strtoull(str, &endptr, 10);
> devlink/devlink.c:	val = strtoul(str, &endptr, 10);
> devlink/devlink.c:	val = strtoul(str, &endptr, 10);
> devlink/devlink.c:	val = strtoul(str, &endptr, 10);
> lib/utils.c:	res = strtoul(arg, &ptr, base);
> lib/utils.c:		n = strtoul(cp, &endp, 16);
> lib/utils.c:		tmp = strtoul(tmpstr, &endptr, 16);
> lib/utils.c:		tmp = strtoul(arg + i * 3, &endptr, 16);
> misc/lnstat_util.c:			unsigned long f = strtoul(ptr, &ptr, 16);
> tc/f_u32.c:	htid = strtoul(str, &tmp, 16);
> tc/f_u32.c:		hash = strtoul(str, &tmp, 16);
> tc/f_u32.c:			nodeid = strtoul(str, &tmp, 16);
> tc/tc_util.c:	maj = strtoul(str, &p, 16);
> tc/tc_util.c:	maj = strtoul(str, &p, 16);
> tc/tc_util.c:		min = strtoul(str, &p, 16);

After a very quick look, many of these seem to make sense though. For
example lnstat_util.c parses output from /proc, hexstring_a2n() is used
by ipmacsec.c to parse crypto keys, etc.

But I agree that we should probably audit the strtol() (and variants)
that don't use base 0.

> ---
>  lib/rt_names.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/rt_names.c b/lib/rt_names.c
> index b976471d7979..7eb63dad7d4d 100644
> --- a/lib/rt_names.c
> +++ b/lib/rt_names.c
> @@ -531,7 +531,7 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
>  		}
>  	}
>  
> -	res = strtoul(arg, &end, 16);
> +	res = strtoul(arg, &end, 0);
>  	if (!end || end == arg || *end || res > 255)
>  		return -1;
>  	*id = res;
> -- 
> 2.34.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ