From: Harvey Harrison <harvey.harrison@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Alexey Dobriyan <adobriyan@gmail.com>
Subject: [PATCH 3/3] lib: add range check to avoid overflow simple_strtoul/ull
Date: Tue, 13 May 2008 16:57:44 -0700 [thread overview]
Message-ID: <1210723064.6191.12.camel@brick> (raw)
Add a simple range check to avoid overflowing an UL, ULL
respectively. The strict versions will catch this case now
as the strlen call will be longer than the number of characters
read. Previously, the simple function would read as long as there
were valied hexadecimal characters remaining.
The simple_strtol/ll still can overflow producing sign errors, but
maybe those users should be using the strict versions then?
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
---
As Alexey noted, the strict versions are a bit of a joke if they
can overflow in the simple cases, here's one way of closing the
gap for the strict functions and simple_strtoul/simple_strtoull
simple_strtol/simple_strtoll still has a (narrower) chance at overflow
and is not totally safe...use the strict versions then.
lib/vsprintf.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 3547fb5..89f2620 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -57,6 +57,7 @@ static u8 chartou8(char ch)
unsigned long simple_strtoul(const char *cp, char **endp, unsigned int base)
{
unsigned long result = 0;
+ unsigned long maxval;
u8 value;
if (!base)
@@ -65,9 +66,12 @@ unsigned long simple_strtoul(const char *cp, char **endp, unsigned int base)
if (base == 16 && cp[0] == '0' && TOLOWER(cp[1]) == 'x')
cp += 2;
+ maxval = ULONG_MAX / base;
while (isxdigit(*cp) && (value = chartou8(*cp) < base)) {
result = result * base + value;
cp++;
+ if (result > maxval)
+ break;
}
if (endp)
@@ -99,6 +103,7 @@ EXPORT_SYMBOL(simple_strtol);
unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int base)
{
unsigned long long result = 0;
+ unsigned long long maxval;
u8 value;
if (!base)
@@ -107,9 +112,12 @@ unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int bas
if (base == 16 && cp[0] == '0' && TOLOWER(cp[1]) == 'x')
cp += 2;
+ maxval = ULLONG_MAX / base;
while (isxdigit(*cp) && (value = chartou8(*cp) < base)) {
result = result * base + value;
cp++;
+ if (result > maxval)
+ break;
}
if (endp)
--
1.5.5.1.482.g0f174
reply other threads:[~2008-05-13 23:58 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1210723064.6191.12.camel@brick \
--to=harvey.harrison@gmail.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox