lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56704758-ee74-0e9b-de1c-1dc94deda8d7@cambridgegreys.com>
Date:   Wed, 13 Mar 2019 09:45:30 +0000
From:   Anton Ivanov <anton.ivanov@...bridgegreys.com>
To:     Bartosz Golaszewski <brgl@...ev.pl>, Jeff Dike <jdike@...toit.com>,
        Richard Weinberger <richard@....at>
Cc:     Bartosz Golaszewski <bgolaszewski@...libre.com>,
        linux-um@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] um: remove uses of variable length arrays

On 12/03/2019 13:30, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bgolaszewski@...libre.com>
> 
> While the affected code is run in user-mode, the build still warns
> about it. Convert all uses of VLA to dynamic allocations.
> 
> Signed-off-by: Bartosz Golaszewski <bgolaszewski@...libre.com>
> ---
>   arch/um/os-Linux/umid.c | 36 +++++++++++++++++++++++++++---------
>   1 file changed, 27 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/um/os-Linux/umid.c b/arch/um/os-Linux/umid.c
> index 998fbb445458..e261656fe9d7 100644
> --- a/arch/um/os-Linux/umid.c
> +++ b/arch/um/os-Linux/umid.c
> @@ -135,12 +135,18 @@ static int remove_files_and_dir(char *dir)
>    */
>   static inline int is_umdir_used(char *dir)
>   {
> -	char file[strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")];
> -	char pid[sizeof("nnnnn\0")], *end;
> +	char pid[sizeof("nnnnn\0")], *end, *file;
>   	int dead, fd, p, n, err;
> +	size_t filelen;
>   
> -	n = snprintf(file, sizeof(file), "%s/pid", dir);
> -	if (n >= sizeof(file)) {
> +	err = asprintf(&file, "%s/pid", dir);
> +	if (err < 0)
> +		return 0;
> +
> +	filelen = strlen(file);
> +
> +	n = snprintf(file, filelen, "%s/pid", dir);
> +	if (n >= filelen) {
>   		printk(UM_KERN_ERR "is_umdir_used - pid filename too long\n");
>   		err = -E2BIG;
>   		goto out;
> @@ -185,6 +191,7 @@ static inline int is_umdir_used(char *dir)
>   out_close:
>   	close(fd);
>   out:
> +	free(file);
>   	return 0;
>   }
>   
> @@ -210,18 +217,21 @@ static int umdir_take_if_dead(char *dir)
>   
>   static void __init create_pid_file(void)
>   {
> -	char file[strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")];
> -	char pid[sizeof("nnnnn\0")];
> +	char pid[sizeof("nnnnn\0")], *file;
>   	int fd, n;
>   
> -	if (umid_file_name("pid", file, sizeof(file)))
> +	file = malloc(strlen(uml_dir) + UMID_LEN + sizeof("/pid\0"));
> +	if (!file)
>   		return;
>   
> +	if (umid_file_name("pid", file, sizeof(file)))
> +		goto out;
> +
>   	fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0644);
>   	if (fd < 0) {
>   		printk(UM_KERN_ERR "Open of machine pid file \"%s\" failed: "
>   		       "%s\n", file, strerror(errno));
> -		return;
> +		goto out;
>   	}
>   
>   	snprintf(pid, sizeof(pid), "%d\n", getpid());
> @@ -231,6 +241,8 @@ static void __init create_pid_file(void)
>   		       errno);
>   
>   	close(fd);
> +out:
> +	free(file);
>   }
>   
>   int __init set_umid(char *name)
> @@ -385,13 +397,19 @@ __uml_setup("uml_dir=", set_uml_dir,
>   
>   static void remove_umid_dir(void)
>   {
> -	char dir[strlen(uml_dir) + UMID_LEN + 1], err;
> +	char *dir, err;
> +
> +	dir = malloc(strlen(uml_dir) + UMID_LEN + 1);
> +	if (!dir)
> +		return;
>   
>   	sprintf(dir, "%s%s", uml_dir, umid);
>   	err = remove_files_and_dir(dir);
>   	if (err)
>   		os_warn("%s - remove_files_and_dir failed with err = %d\n",
>   			__func__, err);
> +
> +	free(dir);
>   }
>   
>   __uml_exitcall(remove_umid_dir);
> 

Thanks for bringing it up. It helped me notice that this is actually broken.

PID can be more than 5 digits nowdays.

-- 
Anton R. Ivanov
Cambridgegreys Limited. Registered in England. Company Number 10273661
https://www.cambridgegreys.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ