| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <FFF73D592F13FD46B8700F0A279B802F57374492@ORSMSX114.amr.corp.intel.com>
Date: Mon, 13 Apr 2020 17:39:11 +0000
From: "Prakhya, Sai Praneeth" <sai.praneeth.prakhya@...el.com>
To: "Chatre, Reinette" <reinette.chatre@...el.com>,
David Binderman <dcb314@...mail.com>,
"Yu, Fenghua" <fenghua.yu@...el.com>,
"shuah@...nel.org" <shuah@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>
Subject: RE: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15:
error: Buffer is accessed out of bounds
> -----Original Message-----
> From: Reinette Chatre <reinette.chatre@...el.com>
> Sent: Monday, April 13, 2020 9:31 AM
> To: David Binderman <dcb314@...mail.com>; Yu, Fenghua
> <fenghua.yu@...el.com>; shuah@...nel.org; Linux Kernel Mailing List <linux-
> kernel@...r.kernel.org>; linux-kselftest@...r.kernel.org; Prakhya, Sai Praneeth
> <sai.praneeth.prakhya@...el.com>
> Subject: Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15:
> error: Buffer is accessed out of bounds
>
> +Sai
>
> On 4/13/2020 2:43 AM, David Binderman wrote:
> > Hello there,
> >
> > Source code is
> >
> > while (fgets(temp, 1024, fp)) {
> >
> > but
> >
> > char *token_array[8], temp[512];
> >
> > Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> > For example:
> >
> > # include <stdio.h>
> >
> > extern void g( int);
> >
> > void
> > f( FILE * fp)
> > {
> > char buf[ 100];
> >
> > while (fgets( buf, 200, fp) != 0)
> > {
> > g( 1);
> > }
> > }
> >
> > gives
> >
> > $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2
> > apr13c.cc In file included from /usr/include/stdio.h:867,
> > from apr13c.cc:2:
> > In function 'char* fgets(char*, int, FILE*)',
> > inlined from 'void f(FILE*)' at apr13c.cc:11:14:
> > /usr/include/bits/stdio2.h:263:26: warning: call to '__fgets_chk_warn'
> > declared with attribute warning: fgets called with bigger size than
> > length of destination buffer [-Wattribute-warning]
> >
> > I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in all
> > development builds.
> >
>
> Thank you very much for catching this David.
>
> Sai: could you include this fix in your upcoming series of fixes? Using the pattern
> of "fgets(buf, sizeof(buf), ...)" instead of hard coding the size should be helpful
> here.
Reinette: Sure! I will include this fix. Just FYI, I did notice this and have fixed it in V1 patches that I sent out earlier.
David: Thanks for bringing this up. I wasn't aware of the gcc flag you had mentioned. I will add it.
Regards,
Sai
Powered by blists - more mailing lists