Re: [PATCH] dm-ingerity: change memcmp to strncmp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Wed, 13 Mar 2019, James Bottomley wrote:

> On Wed, 2019-03-13 at 07:56 -0400, Mikulas Patocka wrote:
> > If the string opt_string is small, the function memcmp can access
> > bytes
> > that are beyond the terminating nul character. In theory, it could
> > cause
> > segfault, if opt_string were located just below some unmapped memory.
> > 
> > This patch changes memcmp to strncmp, so that we don't read bytes
> > beyond
> > the end of the string.
> > 
> > Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx	# v4.12+
> > 
> > ---
> >  drivers/md/dm-integrity.c |    8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> > 
> > Index: linux-2.6/drivers/md/dm-integrity.c
> > ===================================================================
> > --- linux-2.6.orig/drivers/md/dm-integrity.c	2019-03-12
> > 15:33:17.000000000 +0100
> > +++ linux-2.6/drivers/md/dm-integrity.c	2019-03-12
> > 15:34:49.000000000 +0100
> > @@ -3185,7 +3185,7 @@ static int dm_integrity_ctr(struct dm_ta
> >  			journal_watermark = val;
> >  		else if (sscanf(opt_string, "commit_time:%u%c",
> > &val, &dummy) == 1)
> >  			sync_msec = val;
> > -		else if (!memcmp(opt_string, "meta_device:",
> > strlen("meta_device:"))) {
> > +		else if (!strncmp(opt_string, "meta_device:",
> > strlen("meta_device:"))) {
> 
> strncmp(a, b, strlen(b)) is semantically equivalent to strcmp(a,b) but
> the latter is far shorter and easier so you should use it.
> 
> James

No, it isn't.

strncmp("blabla", "bla", strlen("bla") returns zero.
strcmp("blabla", "bla") reurns a positive number.

Mikulas

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel



[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux