lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 27 Nov 2012 20:41:11 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Tomas Hozza <thozza@...hat.com>
Cc:	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	devel@...uxdriverproject.org, olaf@...fle.de, apw@...onical.com,
	jasowang@...hat.com, kys@...rosoft.com
Subject: Re: [PATCH 1/3] tools/hv: Fix for long file names from readdir

On Tue, Nov 27, 2012 at 03:28:25PM -0500, Tomas Hozza wrote:
> 
> 
> ----- Original Message -----
> > On Tue, 2012-11-27 at 08:56 +0100, Tomas Hozza wrote:
> > > kvp_get_if_name and kvp_mac_to_if_name copy strings into statically
> > > sized buffers which could be too small to store really long names.
> > >
> > > Buffer sizes have been changed to PATH_MAX, include "limits.h"
> > > where
> > > PATH_MAX is defined was added and length checks ware added via
> > > snprintf.
> > [...]
> > 
> > PATH_MAX has nothing to do with any actual kernel limit; it's no more
> > meaningful than the current value of 256.  Network interface names
> > are
> > limited to 15 characters, thus the current array is more than long
> > enough.  So I think this is entirely unnecessary.
> 
> This is just for sanity. The value PATH_MAX was chosen after discussion
> with K. Y. Srinivasan and Olaf Hering instead of some "magic" number like
> 256 or 512.

PATH_MAX is a magic name.

> > Using snprintf() is a good idea, but you need to check the return
> > value and handle the truncation case somehow.
> 
> By using PATH_MAX sized buffer there is no need for handling the truncation
> case.
 
You are claiming two contradictory things: sprintf() may overrun the
buffer, so we need the length check provided by snprintf(), but there
is no need to check for truncation because we know the length is
sufficient.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ