| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130123174150.GA26336@gmail.com>
Date: Wed, 23 Jan 2013 12:41:50 -0500
From: Cong Ding <dinggnu@...il.com>
To: Alex Elder <elder@...tank.com>
Cc: Sage Weil <sage@...tank.com>,
"David S. Miller" <davem@...emloft.net>,
ceph-devel@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ceph/osdmap.c: fix undefined behavior when using
snprintf()
On Wed, Jan 23, 2013 at 10:48:07AM -0600, Alex Elder wrote:
> On 01/22/2013 01:20 PM, Cong Ding wrote:
> > The variable "str" is used as both the source and destination in function
> > snprintf(), which is undefined behavior based on C11. The original description
> > in C11 is:
> > "If copying takes place between objects that
> > overlap, the behavior is undefined."
>
> Yes, this was an ill-advised thing to do in this function.
>
> In fact, the only place this function is used (in osdmap_show()),
> the non-static buffer was not initialized before the call. (It
> might happen to work because the same stack space was getting
> reused each time through the loop. Eeeeew!)
>
> This is just an awful couple of functions.
>
> > And, the function of ceph_osdmap_state_str() is to return the osdmap state, so
> > it should return "doesn't exist" when all the conditions are not satisfied. I
> > fix it in this patch.
> >
> > Based on C11, snprintf() does nothing if n==0:
> > "If n is zero, nothing is written, and s may be a
> > null pointer. Otherwise, output characters beyond
> > the n-1st are discarded rather than being written to
> > the array, and a null character is written at the
> > end of the characters actually written into the
> > array."
> > so I remove the unnecessary check of len (because it is not a busy path and
> > saves a few lines of code).
>
> True. But since you know it's not going to do anything why
> not only make the call if len is non-zero? I.e.:
>
> else if (len)
> snprintf(str, len, "doesn't exist");
>
> With your permission I'll make this change and will commit
> this for you. OK?
It's fine, thanks. But I think it's better to check len in the beginning
because other conditions also call snprintf with parameter len. Like this:
if (!len)
return str;
if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
snprintf(str, len, "exists, up");
else if (state & CEPH_OSD_EXISTS)
snprintf(str, len, "exists");
else if (state & CEPH_OSD_UP)
snprintf(str, len, "up");
else
snprintf(str, len, "doesn't exist");
return str;
or like this:
if (len) {
if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
snprintf(str, len, "exists, up");
else if (state & CEPH_OSD_EXISTS)
snprintf(str, len, "exists");
else if (state & CEPH_OSD_UP)
snprintf(str, len, "up");
else
snprintf(str, len, "doesn't exist");
}
return str;
Thanks,
- cong
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists