| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Sep 2013 16:03:25 -0700 From: Kees Cook <keescook@...omium.org> To: Joe Perches <joe@...ches.com> Cc: George Spelvin <linux@...izon.com>, Andrew Morton <akpm@...ux-foundation.org>, Dan Carpenter <dan.carpenter@...cle.com>, "David S. Miller" <davem@...emloft.net>, Eldad Zack <eldad@...refinery.com>, Jan Beulich <jbeulich@...e.com>, Jiri Kosina <jkosina@...e.cz>, LKML <linux-kernel@...r.kernel.org>, Randy Dunlap <rdunlap@...radead.org>, Al Viro <viro@...iv.linux.org.uk>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Subject: Re: [PATCH] vsprintf: drop comment claiming %n is ignored On Fri, Sep 13, 2013 at 3:27 PM, Joe Perches <joe@...ches.com> wrote: > On Fri, 2013-09-13 at 15:53 -0400, George Spelvin wrote: >> > Maybe WARN_ONCE so it's easier to emit the format too. >> >> Good idea. And, if it's not too much trouble, a comment explaining >> why it's deliberately omitted so the issue doesn't arise again. > > Before any of the %n uses could be removed, I believe seq_printf > could to be converted to return void and have a another mechanism > to determine if any error occurred and the length of the output of > seq_printf. > > I've done a preliminary conversion of seq_printf and seq_vprintf > to return void and added last_ret and last_len to struct seq_file. > > If that's applied, it's trivial to convert vsnprintf to skip %n. > > Anyone have an opinion of a different conversion mechanism? Maybe I missed this somewhere in the thread, but I'm not sure I understand the move to "void". Here's what I see, please correct me: 1- seq_printf currently returns success/failure 2- some callers of seq_printf (correctly) use the return value as success/failure indication 3- some callers of seq_printf (incorrectly) use the return value as a length indication 4- both success/failure and length are important outputs from seq_printf 5- we need a way to access the length written during the call 6- want to minimize impact on the code base Due to 1 and 2, it seems like there's no sense in changing the return value to void. Success/failure is already returned, and there are users of it. No sense changing them. The normal way to handle multiple return values (4 and 5) is to add a pointer argument. For example: seq_printf(s, &len, fmt, args...) where len can be NULL. But this runs against 6. Due to 6, to solve 4 and 5, usually macro or inline tricks are used, for example: __printf(3, 4) int seq_printf_len(struct seq_file *, size_t *len, ...); #define seq_printf(s, fmt, ...) seq_printf_len(s, NULL, fmt, ##__VA_ARGS__) With this, solving 3 becomes possible (your void patch has already detected all the users of the return value, so we can sort out which expect length and which expect success/failure), and lets us actually remove the %n uses trivially too. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists