Open Source and information security mailing list archives
Date:   Wed, 8 Nov 2017 21:01:26 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     sathyanarayanan.kuppuswamy@...ux.intel.com
Cc:     Pali Rohár <pali.rohar@...il.com>,
        Mario Limonciello <mario.limonciello@...l.com>,
        Darren Hart <dvhart@...radead.org>,
        Andy Shevchenko <andy@...radead.org>,
        "Edward O'Callaghan" <quasisec@...gle.com>,
        Hans de Goede <hdegoede@...hat.com>,
        Platform Driver <platform-driver-x86@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] dell-smbios: fix string overflow

On Wed, Nov 8, 2017 at 7:22 PM, sathyanarayanan kuppuswamy
<sathyanarayanan.kuppuswamy@...ux.intel.com> wrote:
> Hi,
>
> I recommend using "platform/x86: dell-smbios:" in commit header.

Ok, noted. I usually try to follow the lines for each maintainer, but
I'm not always keeping track of each one, sorry.

> On 11/08/2017 04:08 AM, Arnd Bergmann wrote:
>>
>> The new sysfs code overwrites two fixed-length character arrays
>> that are each one byte shorter than they need to be, to hold
>> the trailing \0:
>>
>> drivers/platform/x86/dell-smbios.c: In function 'build_tokens_sysfs':
>> drivers/platform/x86/dell-smbios.c:494:42: error: 'sprintf' writing a
>> terminating nul past the end of the destination [-Werror=format-overflow=]
>>     sprintf(buffer_location, "%04x_location",
>> drivers/platform/x86/dell-smbios.c:494:3: note: 'sprintf' output 14 bytes
>> into a destination of size 13
>> drivers/platform/x86/dell-smbios.c:506:36: error: 'sprintf' writing a
>> terminating nul past the end of the destination [-Werror=format-overflow=]
>>     sprintf(buffer_value, "%04x_value",
>> drivers/platform/x86/dell-smbios.c:506:3: note: 'sprintf' output 11 bytes
>> into a destination of size 10
>
> Don't need to include the error log in commit message. Just explaining the
> issue is good enough.

I always include the messages I get, it helps a lot when you run into a related
problem and find it in either the git log or using Google search.

It's particularly useful when patches that introduce warnings get backported
to stable kernels.

      Arnd
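
The off-by-one reported in the quoted compiler log, as an added example that is not part of the patch or of anyone's message in this thread: it sizes the two buffers from a worst-case literal and uses `snprintf`'s return value to detect truncation. The helper names and the sample token `0x007d` are assumptions made for illustration; the sizes 13/14 and 10/11 come from the log.

```c
#include <stdint.h>
#include <stdio.h>

/* Destination sizes from the compiler log: each one byte too short. */
#define LOCATION_BUF_SHORT 13
#define VALUE_BUF_SHORT    10

/* sizeof on a worst-case literal counts the trailing NUL: 14 and 11. */
#define LOCATION_BUF_OK sizeof("ffff_location")
#define VALUE_BUF_OK    sizeof("ffff_value")

/*
 * Hypothetical helper: format "<4 hex digits>_<suffix>" into dst.
 * Returns the bytes required including the NUL (0 on encoding error).
 * snprintf never writes more than dstsz bytes, unlike sprintf.
 * Taking uint16_t keeps "%04x" at exactly four digits; for a wider
 * type, 04 is only a minimum field width.
 */
static size_t format_token_attr(char *dst, size_t dstsz, uint16_t token,
                                const char *suffix)
{
    int n = snprintf(dst, dstsz, "%04x_%s", (unsigned)token, suffix);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if the name fits in dstsz bytes, 0 if it would be truncated. */
static int fits(size_t dstsz, uint16_t token, const char *suffix)
{
    char buf[32];
    size_t need;

    if (dstsz > sizeof(buf))
        return 0;
    need = format_token_attr(buf, dstsz, token, suffix);
    return need != 0 && need <= dstsz;
}

int main(void)
{
    /* 0x007d is a constructed sample token ID. */
    printf("location: short=%d ok=%d\n",
           fits(LOCATION_BUF_SHORT, 0x007d, "location"),
           fits(LOCATION_BUF_OK, 0x007d, "location"));
    printf("value:    short=%d ok=%d\n",
           fits(VALUE_BUF_SHORT, 0x007d, "value"),
           fits(VALUE_BUF_OK, 0x007d, "value"));
    return 0;
}
```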
