lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Feb 2017 06:49:40 +0100
From:   Krzysztof Opasiak <k.opasiak@...sung.com>
To:     Jonathan Dieter <jdieter@...bg.com>, linux-kernel@...r.kernel.org
Cc:     Valentina Manea <valentina.manea.m@...il.com>,
        Shuah Khan <shuah@...nel.org>,
        Peter Senna Tschudin <peter.senna@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "open list:USB OVER IP DRIVER" <linux-usb@...r.kernel.org>
Subject: Re: [PATCH v2 1/2] usbip: Fix-format-overflow

Hi,

W dniu 2017-02-21 o 18:57, Jonathan Dieter pisze:
> The usbip userspace tools call sprintf()/snprintf() and don't check for
> the return value which can lead the paths to overflow, truncating the
> final file in the path.
>
> More urgently, GCC 7 now warns that these aren't checked with
> -Wformat-overflow, and with -Werror enabled in configure.ac, that makes
> these tools unbuildable.
>
> This patch fixes these problems by replacing sprintf() with snprintf() in
> one place and adding checks for the return value of snprintf().
>
> Reviewed-by: Peter Senna Tschudin <peter.senna@...il.com>
> Signed-off-by: Jonathan Dieter <jdieter@...bg.com>
> ---
>  tools/usb/usbip/libsrc/usbip_common.c      |  8 +++++++-
>  tools/usb/usbip/libsrc/usbip_host_common.c | 25 ++++++++++++++++++++-----
>  2 files changed, 27 insertions(+), 6 deletions(-)
>
> diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c
> index ac73710..01dd4b2 100644
> --- a/tools/usb/usbip/libsrc/usbip_common.c
> +++ b/tools/usb/usbip/libsrc/usbip_common.c
> @@ -215,9 +215,15 @@ int read_usb_interface(struct usbip_usb_device *udev, int i,
>  		       struct usbip_usb_interface *uinf)
>  {
>  	char busid[SYSFS_BUS_ID_SIZE];
> +	unsigned int size;

I'm not really convinced to use unsigned here. snprintf() is declared to 
return signed integer so we should assume that some of its 
implementation may return negative error code. Any rationale to this 
instead of just doing a cast for comparsion but signed value to print error?

Best regards
-- 
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ