lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YFo1WgbYqYdlwxV0@google.com>
Date:   Tue, 23 Mar 2021 11:37:14 -0700
From:   Dmitry Torokhov <dmitry.torokhov@...il.com>
To:     Rasmus Villemoes <rasmus.villemoes@...vas.dk>
Cc:     Arnd Bergmann <arnd@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        Zhang Qilong <zhangqilong3@...wei.com>,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Input: analog - fix invalid snprintf() call

On Tue, Mar 23, 2021 at 02:29:15PM +0100, Rasmus Villemoes wrote:
> On 23/03/2021 14.14, Arnd Bergmann wrote:
> > From: Arnd Bergmann <arnd@...db.de>
> > 
> > overlapping input and output arguments to snprintf() are
> > undefined behavior in C99:
> > 
> 
> Good luck:
> https://lore.kernel.org/lkml/1457469654-17059-1-git-send-email-linux@rasmusvillemoes.dk/
> 
> At least 5 years ago the consensus from old-timers was that "the
> kernel's snprintf supports this use case, just keep it working that way".
> 
> > diff --git a/drivers/input/joystick/analog.c b/drivers/input/joystick/analog.c
> > index f798922a4598..8c9fed3f13e2 100644
> > --- a/drivers/input/joystick/analog.c
> > +++ b/drivers/input/joystick/analog.c
> > @@ -419,14 +419,16 @@ static void analog_calibrate_timer(struct analog_port *port)
> >  
> >  static void analog_name(struct analog *analog)
> >  {
> > -	snprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
> > +	int len;
> > +
> > +	len = snprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
> >  		 hweight8(analog->mask & ANALOG_AXES_STD),
> >  		 hweight8(analog->mask & ANALOG_BTNS_STD) + !!(analog->mask & ANALOG_BTNS_CHF) * 2 +
> >  		 hweight16(analog->mask & ANALOG_BTNS_GAMEPAD) + !!(analog->mask & ANALOG_HBTN_CHF) * 4);
> >  
> >  	if (analog->mask & ANALOG_HATS_ALL)
> > -		snprintf(analog->name, sizeof(analog->name), "%s %d-hat",
> > -			 analog->name, hweight16(analog->mask & ANALOG_HATS_ALL));
> > +		len += snprintf(analog->name + len, sizeof(analog->name) - len, "%d-hat",
> > +			 hweight16(analog->mask & ANALOG_HATS_ALL));
> 
> Use scnprintf, this is too fragile and hard to verify. If the first
> snprintf overflows, the second passes a huge size_t to snprintf which
> will WARN.

Also the format needs to be " %d-hat" (note the leading space).

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ