| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jan 2013 11:47:54 -0600
From: Alex Elder <elder@...tank.com>
To: Cong Ding <dinggnu@...il.com>
CC: Sage Weil <sage@...tank.com>,
"David S. Miller" <davem@...emloft.net>,
ceph-devel@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ceph/osdmap.c: fix undefined behavior when using
snprintf()
On 01/23/2013 11:41 AM, Cong Ding wrote:
> On Wed, Jan 23, 2013 at 10:48:07AM -0600, Alex Elder wrote:
>> On 01/22/2013 01:20 PM, Cong Ding wrote:
>>> The variable "str" is used as both the source and destination in function
>>> snprintf(), which is undefined behavior based on C11. The original description
>>> in C11 is:
>>> "If copying takes place between objects that
>>> overlap, the behavior is undefined."
>>
>> Yes, this was an ill-advised thing to do in this function.
>>
>> In fact, the only place this function is used (in osdmap_show()),
>> the non-static buffer was not initialized before the call. (It
>> might happen to work because the same stack space was getting
>> reused each time through the loop. Eeeeew!)
>>
>> This is just an awful couple of functions.
>>
>>> And, the function of ceph_osdmap_state_str() is to return the osdmap state, so
>>> it should return "doesn't exist" when all the conditions are not satisfied. I
>>> fix it in this patch.
>>>
>>> Based on C11, snprintf() does nothing if n==0:
>>> "If n is zero, nothing is written, and s may be a
>>> null pointer. Otherwise, output characters beyond
>>> the n-1st are discarded rather than being written to
>>> the array, and a null character is written at the
>>> end of the characters actually written into the
>>> array."
>>> so I remove the unnecessary check of len (because it is not a busy path and
>>> saves a few lines of code).
>>
>> True. But since you know it's not going to do anything why
>> not only make the call if len is non-zero? I.e.:
>>
>> else if (len)
>> snprintf(str, len, "doesn't exist");
>>
>> With your permission I'll make this change and will commit
>> this for you. OK?
> It's fine, thanks. But I think it's better to check len in the beginning
> because other conditions also call snprintf with parameter len. Like this:
OK. I'll do this. Thank you. -Alex
> if (!len)
> return str;
>
> if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
> snprintf(str, len, "exists, up");
> else if (state & CEPH_OSD_EXISTS)
> snprintf(str, len, "exists");
> else if (state & CEPH_OSD_UP)
> snprintf(str, len, "up");
> else
> snprintf(str, len, "doesn't exist");
>
> return str;
>
> or like this:
>
> if (len) {
> if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
> snprintf(str, len, "exists, up");
> else if (state & CEPH_OSD_EXISTS)
> snprintf(str, len, "exists");
> else if (state & CEPH_OSD_UP)
> snprintf(str, len, "up");
> else
> snprintf(str, len, "doesn't exist");
> }
> return str;
>
> Thanks,
> - cong
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists