3.18-stable review patch. If anyone has any objections, please let me know.
--
From: Alexey Dobriyan
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is
4.4-stable review patch. If anyone has any objections, please let me know.
--
From: Alexey Dobriyan
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is
4.9-stable review patch. If anyone has any objections, please let me know.
--
From: Alexey Dobriyan
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is
4.14-stable review patch. If anyone has any objections, please let me know.
--
From: Alexey Dobriyan
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is
From: Alexey Dobriyan
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is broken garbage.
It silently accepts whitespace between format specifiers
(did you know that?).
It
On Sun, Mar 04, 2018 at 12:51:30AM +0300, Alexey Dobriyan wrote:
> I totally forgot that _parse_integer() accepts arbitrary amount of
> leading zeroes leading to the following lookups:
>
> OK
> # readlink /proc/1/map_files/56427ecba000-56427eddc000
> /lib/systemd/systemd
I totally forgot that _parse_integer() accepts arbitrary amount of
leading zeroes leading to the following lookups:
OK
# readlink /proc/1/map_files/56427ecba000-56427eddc000
/lib/systemd/systemd
bogus
# readlink
On Wed, 21 Feb 2018 22:53:40 +0300 Alexey Dobriyan wrote:
> I totally forgot that _parse_integer() accepts arbitrary amount of
> leading zeroes leading to the following:
>
> OK
> # readlink /proc/1/map_files/56427ecba000-56427eddc000
> /lib/systemd/systemd
>
>
On Wed, Feb 21, 2018 at 12:04:03PM -0800, Andrew Morton wrote:
> On Wed, 21 Feb 2018 22:53:40 +0300 Alexey Dobriyan
> wrote:
>
> > I totally forgot that _parse_integer() accepts arbitrary amount of
> > leading zeroes leading to the following:
> >
> > OK
> > # readlink
On Wed, Feb 21, 2018 at 09:44:11PM +0300, Alexey Dobriyan wrote:
> + len = strlen(str);
> + if (len > 1 && *str == '0')
> + return -EINVAL;
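Review bot: the `len > 1 && *str == '0'` test lets a zero-length string through, so the parse that follows has to be the one that rejects an empty name, and that is worth confirming. A lone "0" also passes this check; a short comment saying whether that is intended would help, since the visible lines do not explain it.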
if (s[0] == '0' && s[1])
please...
On Wed, Feb 21, 2018 at 12:04:03PM -0800, Andrew Morton wrote:
>
> I don't know this code and I'm all confused.
>
> - why is the code designed to accept addresses of "0"?
It was never designed to accept addresses of 0; it is rather
a side effect of using sscanf in the first place.
The address
I totally forgot that _parse_integer() accepts arbitrary amount of
leading zeroes leading to the following:
OK
# readlink /proc/1/map_files/56427ecba000-56427eddc000
/lib/systemd/systemd
bogus
# readlink
On Wed, Nov 29, 2017 at 02:56:03PM -0800, Andrew Morton wrote:
> On Mon, 27 Nov 2017 21:29:25 -0800 Andrei Vagin wrote:
>
> > On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
> > > Current code does:
> > >
> > > if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
> >
On Mon, 27 Nov 2017 21:29:25 -0800 Andrei Vagin wrote:
> On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
> > Current code does:
> >
> > if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
> >
> > However sscanf() is broken garbage.
> >
> > It silently accepts
On 11/28/17, Andrei Vagin wrote:
> On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
>> Current code does:
>>
>> if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
>>
>> However sscanf() is broken garbage.
>>
>> It silently accepts whitespace between format
On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
> Current code does:
>
> if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
>
> However sscanf() is broken garbage.
>
> It silently accepts whitespace between format specifiers
> (did you know that?).
>
> It
On Mon, Nov 20, 2017 at 02:16:14PM -0800, Andrew Morton wrote:
> On Tue, 21 Nov 2017 00:27:06 +0300 Alexey Dobriyan
> wrote:
> > very broken
> > # readlink
> > '/proc/1/map_files/155a23af39000-55a23b05b000'
> > /lib/systemd/systemd
> >
> > Signed-off-by: Alexey
On Tue, 21 Nov 2017 00:27:06 +0300 Alexey Dobriyan wrote:
> Current code does:
>
> if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
>
> However sscanf() is broken garbage.
>
> It silently accepts whitespace between format specifiers
> (did you know that?).
>
> It silently
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is broken garbage.
It silently accepts whitespace between format specifiers
(did you know that?).
It silently accepts valid strings which result in integer overflow.
Do not use sscanf()