Date:	Mon, 16 Sep 2013 00:43:55 -0700
From:	Kees Cook <keescook@...omium.org>
To:	linux-kernel@...r.kernel.org
Cc:	joe@...ches.com, George Spelvin <linux@...izon.com>,
	dan.carpenter@...cle.com, viro@...iv.linux.org.uk,
	Jan Beulich <JBeulich@...e.com>,
	KOSAKI Motohiro <kosaki.motohiro@...il.com>,
	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
	akpm@...ux-foundation.org
Subject: [PATCH 0/2] vsprintf: ignore %n again

Whether seq_printf should return void or error, %n still needs to be removed.
As such, instead of changing the seq_file structure and adding instructions
to all callers of seq_printf, just examine seq->count for the callers that
care about how many characters were put into the buffer, as suggested by
George Spelvin. First patch removes all %n usage in favor of checking
seq->count before/after. Second patch makes %n ignore its argument.

Testing shows this all works happily, and everything is still getting
padded correctly:

/proc/consoles:
ttyS0                -W- (EC   a)    4:64
netcon0              -W- (E     )

/proc/self/maps:
...
01ee7000-01f08000 rw-p 00000000 00:00 0                                  [heap]
7fdc79bd4000-7fdc79bf6000 r-xp 00000000 fd:01 394247                     /lib/x86_64-linux-gnu/libtinfo.so.5.9
...

/proc/net/tcp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2239 1 ffff88007bfd0000 100 0 0 10 0
...

/proc/net/udp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   12: 0DAAA8C0:D9D1 0100000A:0035 01 00000000:00000000 00:00000000 00000000     0        0 7534 2 ffff880078048000 0


And a test with a %n in a format string shows the warning:

[   10.693638] ------------[ cut here ]------------
[   10.693657] WARNING: CPU: 0 PID: 2048 at lib/vsprintf.c:1693 vsnprintf+0x5c1/0x600()
[   10.693660] Please remove ignored %n in '%n
[   10.693663] '
...

Fixing the other callers of seq_printf to do the right thing (void or not)
can be separate from this series.

-Kees
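
The before/after seq->count check described in the cover letter above, as an added userspace illustration that is not part of the original mail or of the patches. The names struct seq_model, model_printf, model_pad_to and model_maps_line, and the column width 73, are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for seq_file (assumed names); zero-initialise before use. */
struct seq_model {
    char buf[256];
    size_t count;   /* bytes written so far, the role seq->count plays */
};

/* Append formatted text; on overflow mark the buffer full and stop writing. */
static void model_printf(struct seq_model *m, const char *fmt, ...)
{
    size_t room = sizeof(m->buf) - m->count;
    va_list ap;
    int n;

    if (room == 0)
        return;
    va_start(ap, fmt);
    n = vsnprintf(m->buf + m->count, room, fmt, ap);
    va_end(ap);
    m->count = (n < 0 || (size_t)n >= room) ? sizeof(m->buf) : m->count + (size_t)n;
}

/* Pad with spaces to 'width' columns measured from 'start'; no %n needed. */
static void model_pad_to(struct seq_model *m, size_t start, size_t width)
{
    while (m->count - start < width && m->count < sizeof(m->buf))
        model_printf(m, " ");
}

/* Emit one maps-style line; returns the column at which the name begins. */
static size_t model_maps_line(struct seq_model *m, unsigned long lo,
                              unsigned long hi, const char *name)
{
    size_t start = m->count;   /* snapshot before, instead of a %n argument */
    size_t col;

    model_printf(m, "%08lx-%08lx rw-p 00000000 00:00 0", lo, hi);
    model_pad_to(m, start, 73);   /* 73: constructed column width for this demo */
    col = m->count - start;       /* count after minus count before */
    model_printf(m, "%s\n", name);
    return col;
}
```

Because the length comes from the difference in count, no format string ever needs to write through a pointer argument, which is the property that lets %n be ignored.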
