| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Feb 2018 10:58:17 -0700
From: Shuah Khan <shuah@...nel.org>
To: Dominik Brodowski <linux@...inikbrodowski.net>,
Ingo Molnar <mingo@...nel.org>, linux-kselftest@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
Andrew Lutomirski <luto@...nel.org>,
Shuah Khan <shuahkh@....samsung.com>,
Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH] selftests/x86: clarify that there is no buffer overflow
on sscanf usage
On 02/11/2018 01:59 PM, Dominik Brodowski wrote:
>
> Suggested-by: Ingo Molnar <mingo@...nel.org>
> CC: Andy Lutomirski <luto@...nel.org>
> Signed-off-by: Dominik Brodowski <linux@...inikbrodowski.net>
>
Missing commit log. Please add one.
thanks,
-- Shuah
> ---
>
>> Yeah, probably - but still, this connection and the sscanf() guarantee is not
>> obvious at first sight, so please improve this to derive from the same value
>> (define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
>> that this is safe because strlen(name) >= strlen(line).
>
> Sounds reasonable. Patch (which applies on top of the five patches for
> selftests/x86 I sent out earlier today) is attached.
>
> Thanks,
> Dominik
>
> diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c
> index 558c8207e7b9..7ade625f10ed 100644
> --- a/tools/testing/selftests/x86/test_vdso.c
> +++ b/tools/testing/selftests/x86/test_vdso.c
> @@ -26,6 +26,9 @@
> # endif
> #endif
>
> +/* max length of lines in /proc/self/maps - anything longer is skipped here */
> +#define MAPS_LINE_LEN 128
> +
> int nerrs = 0;
>
> typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
> @@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void)
> {
> #ifdef __x86_64__
> FILE *maps;
> - char line[128];
> + char line[MAPS_LINE_LEN];
> bool found = false;
>
> maps = fopen("/proc/self/maps", "r");
> if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */
> return NULL;
>
> - while (fgets(line, sizeof(line), maps)) {
> + while (fgets(line, MAPS_LINE_LEN, maps)) {
> char r, x;
> void *start, *end;
> - char name[128];
> + char name[MAPS_LINE_LEN];
> +
> + /* sscanf is safe here as strlen(name) >= strlen(line) */
> if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
> &start, &end, &r, &x, name) != 5)
> continue;
> diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c
> index 7a744fa7b786..ee92e4727f18 100644
> --- a/tools/testing/selftests/x86/test_vsyscall.c
> +++ b/tools/testing/selftests/x86/test_vsyscall.c
> @@ -33,6 +33,9 @@
> # endif
> #endif
>
> +/* max length of lines in /proc/self/maps - anything longer is skipped here */
> +#define MAPS_LINE_LEN 128
> +
> static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
> int flags)
> {
> @@ -98,7 +101,7 @@ static int init_vsys(void)
> #ifdef __x86_64__
> int nerrs = 0;
> FILE *maps;
> - char line[128];
> + char line[MAPS_LINE_LEN];
> bool found = false;
>
> maps = fopen("/proc/self/maps", "r");
> @@ -108,10 +111,12 @@ static int init_vsys(void)
> return 0;
> }
>
> - while (fgets(line, sizeof(line), maps)) {
> + while (fgets(line, MAPS_LINE_LEN, maps)) {
> char r, x;
> void *start, *end;
> - char name[128];
> + char name[MAPS_LINE_LEN];
> +
> + /* sscanf is safe here as strlen(name) >= strlen(line) */
> if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
> &start, &end, &r, &x, name) != 5)
> continue;
>
>
Powered by blists - more mailing lists