lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4BzYDgkEwVo3T_jW2QtjXxCxYPxPMC-+46C12Us+9F2bOFg@mail.gmail.com>
Date: Mon, 15 Sep 2025 09:21:29 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Chris Mason <clm@...a.com>, Tao Chen <chen.dylane@...ux.dev>
Cc: qmo@...nel.org, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, 
	martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org, 
	yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org, 
	sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net, 
	kuba@...nel.org, hawk@...nel.org, linux-kernel@...r.kernel.org, 
	bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v4 1/3] bpftool: Add bpf_token show

On Sat, Sep 13, 2025 at 10:18 AM Chris Mason <clm@...a.com> wrote:
>
> On Wed, 23 Jul 2025 22:44:40 +0800 Tao Chen <chen.dylane@...ux.dev> wrote:
>
> [ ... ]
>
> > diff --git a/tools/bpf/bpftool/token.c b/tools/bpf/bpftool/token.c
> > new file mode 100644
> > index 00000000000..6312e662a12
> > --- /dev/null
> > +++ b/tools/bpf/bpftool/token.c
> > @@ -0,0 +1,225 @@
>
> [ ... ]
>
> > +
> > +static char *get_delegate_value(const char *opts, const char *key)
> > +{
> > +     char *token, *rest, *ret = NULL;
> > +     char *opts_copy = strdup(opts);
> > +
> > +     if (!opts_copy)
> > +             return NULL;
> > +
> > +     for (token = strtok_r(opts_copy, ",", &rest); token;
> > +                     token = strtok_r(NULL, ",", &rest)) {
> > +             if (strncmp(token, key, strlen(key)) == 0 &&
> > +                 token[strlen(key)] == '=') {
> > +                     ret = token + strlen(key) + 1;
> > +                     break;
> > +             }
> > +     }
> > +     free(opts_copy);
> > +
> > +     return ret;
>
> The ret pointer is pointing inside opts_copy, but opts_copy gets freed
> before returning?

Thanks for the bug report, Chris!

Tao, the fix probably should be something along the lines of:

ret = token + strlen(key) + 1 - opts_copy + opts;

to translate that pointer back into the original string? Can you
please send a patch?

>
> -chris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ