| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <73e7c4d1-cdaf-3901-44a0-85f076588d72@x41-dsec.de>
Date: Wed, 11 Oct 2017 10:28:18 +0200
From: Eric Sesterhenn <eric.sesterhenn@...-dsec.de>
To: linux-kernel@...r.kernel.org
Subject: [PATCH 0/7] Graceful snprintf truncation handling
snprintf returns the number of bytes required to print the full
string, even if the string is truncated. If this return value
is used for calculations, the size parameter might underflow
as shown e.g. in afdb05e9d61905220f09268535235288e6ba3a16
This causes a warning in the next snprintf iteration, since
it checks that size < INT_MAX.
These patches prevent these warnings.
Eric Sesterhenn (7):
Handle snprintf calculations in x_tables
Handle snprintf calculation in stackglue
Fix snprintf calculation in filecheck
Prevent u32_format_array from returning a size too big
Handle snprintf calulation more graceful in v9fs
Handle snprintf truncation in msm_perf more gracefully
Handle snprintf truncation more graceful in thunderx_edac
drivers/edac/thunderx_edac.c | 2 ++
drivers/gpu/drm/msm/msm_perf.c | 12 +++++++-----
fs/9p/v9fs.c | 4 ++++
fs/debugfs/file.c | 3 +++
fs/ocfs2/filecheck.c | 2 +-
fs/ocfs2/stackglue.c | 2 +-
net/netfilter/x_tables.c | 2 ++
7 files changed, 20 insertions(+), 7 deletions(-)
--
Eric Sesterhenn (Principal Security Consultant)
X41 D-SEC GmbH, Dennewartstr. 25-27, D-52068 Aachen
T: +49 241 9809418-0, Fax: -9
Unternehmenssitz: Aachen, Amtsgericht Aachen: HRB19989
Geschäftsführer: Markus Vervier
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists