From: Amerigo Wang <amwang@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [Patch] sysctl: forbid too long numbers
Date: Thu, 02 Jul 2009 18:03:29 +0800 [thread overview]
Message-ID: <4A4C85F1.4050706@redhat.com> (raw)
In-Reply-To: <20090629150123.43f79091.akpm@linux-foundation.org>
Andrew Morton wrote:
> Also, fixing this is a non-backward-compatible change which could break
> existing userspace. Although the chances of this seem fairly small.
>
> Or are they? One could imagine a script which was tested and developed
> on a 64-bit system, which writes a >4G number into a pseudo file. That
> script happens to work on 32-bit systems (it might not work _well_, but
> it'll work). With this change, the write will fail on the 32-bit
> system and the entire application could bale out or something.
>
> I'm not saying that this is a reason to avoid making the change, but
> it's all a worry and needs consideration.
>
>
Ah, I didn't consider this situation...
Hmm... but only taking the lower 32-bits really looks strange.
> The other worrisome thing about this change is that there may well be
> existing userspace which does
>
> echo 42foo > /proc/whatever
>
> and the conversion to strict_strtoul() will cause that script to
> newly fail.
>
> And the chances that there are scripts which do this are pretty darned
> good - it's fairly easy to accidentally leave junk like this in strings
> when hacking stuff together in scripting languages.
>
>
Yeah, maybe, but that is really tricky...
>
>
>> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
>> index 756ccaf..ff2ca5c 100644
>> --- a/lib/vsprintf.c
>> +++ b/lib/vsprintf.c
>> @@ -163,11 +163,14 @@ int strict_strtoul(const char *cp, unsigned int base, unsigned long *res)
>> char *tail;
>> unsigned long val;
>> size_t len;
>> + char tmp[32];
>>
>> *res = 0;
>> len = strlen(cp);
>> if (len == 0)
>> return -EINVAL;
>> + if (len > snprintf(tmp, "%ld", ULONG_MAX))
>> + return -EINVAL;
>>
>> val = simple_strtoul(cp, &tail, base);
>> if (tail == cp)
>>
>
> And here we're doing a check for that overflow, yes?
>
> - We don't need tmp[]. vsnprintf(NULL, ...) can be used to query the
> length of an sprintf. See how kvasprintf() does this.
>
> - The strict_strtoul() documentation should be updated?
>
> - The above change affects strict_strtol() too.
>
> - The same change should be made to strict_strtoull() and hence
> strict_strtoll()?
>
>
Good points!
I agree, so maybe we only need to change this part?
Hmm, I need to check the callers of strict_strtol()...
Thank you!
prev parent reply other threads:[~2009-07-02 10:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-19 7:19 [Patch] sysctl: forbid too long numbers Amerigo Wang
2009-06-29 22:01 ` Andrew Morton
2009-07-02 2:22 ` Lee Revell
2009-07-02 10:03 ` Amerigo Wang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A4C85F1.4050706@redhat.com \
--to=amwang@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox