lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1379317437-28329-1-git-send-email-keescook@chromium.org>
Date:	Mon, 16 Sep 2013 00:43:55 -0700
From:	Kees Cook <keescook@...omium.org>
To:	linux-kernel@...r.kernel.org
Cc:	joe@...ches.com, George Spelvin <linux@...izon.com>,
	dan.carpenter@...cle.com, viro@...iv.linux.org.uk,
	Jan Beulich <JBeulich@...e.com>,
	KOSAKI Motohiro <kosaki.motohiro@...il.com>,
	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
	akpm@...ux-foundation.org
Subject: [PATCH 0/2] vsprintf: ignore %n again

Whether seq_printf should return void or error, %n still needs to be removed.
As such, instead of changing the seq_file structure and adding instructions
to all callers of seq_printf, just examine seq->count for the callers that
care about how many characters were put into the buffer, as suggested by
George Spelvin. First patch removes all %n usage in favor of checking
seq->count before/after. Second patch makes %n ignore its argument.

Testing shows this all works happily, and everything is still getting
padded correctly:

/proc/consoles:
ttyS0                -W- (EC   a)    4:64
netcon0              -W- (E     )

/proc/self/maps:
...
01ee7000-01f08000 rw-p 00000000 00:00 0                                  [heap]
7fdc79bd4000-7fdc79bf6000 r-xp 00000000 fd:01 394247                     /lib/x86_64-linux-gnu/libtinfo.so.5.9
...

/proc/net/tcp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2239 1 ffff88007bfd0000 100 0 0 10 0
...

/proc/net/udp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   12: 0DAAA8C0:D9D1 0100000A:0035 01 00000000:00000000 00:00000000 00000000     0        0 7534 2 ffff880078048000 0


And a test with a %n in a format string shows the warning:

[   10.693638] ------------[ cut here ]------------
[   10.693657] WARNING: CPU: 0 PID: 2048 at lib/vsprintf.c:1693 vsnprintf+0x5c1/0x600()
[   10.693660] Please remove ignored %n in '%n
[   10.693663] '
...

Fixing the other callers of seq_printf to do the right thing (void or not)
can be separate from this series.

-Kees

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ