lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210323125535.1866249-1-arnd@kernel.org>
Date:   Tue, 23 Mar 2021 13:55:24 +0100
From:   Arnd Bergmann <arnd@...nel.org>
To:     Danil Kipnis <danil.kipnis@...ud.ionos.com>,
        Jack Wang <jinpu.wang@...ud.ionos.com>,
        Jens Axboe <axboe@...nel.dk>,
        Guoqing Jiang <guoqing.jiang@...ud.ionos.com>,
        Gioh Kim <gi-oh.kim@...ud.ionos.com>,
        Md Haris Iqbal <haris.iqbal@...ud.ionos.com>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Colin Ian King <colin.king@...onical.com>,
        linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] block/rnbd-clt: fix overlapping snprintf arguments

From: Arnd Bergmann <arnd@...db.de>

The -Wrestrict warning (disabled by default) points out undefined
behavior calling snprintf():

drivers/block/rnbd/rnbd-clt-sysfs.c: In function 'rnbd_clt_get_path_name':
drivers/block/rnbd/rnbd-clt-sysfs.c:486:8: error: 'snprintf' argument 4 overlaps destination object 'buf' [-Werror=restrict]
  486 |  ret = snprintf(buf, len, "%s@%s", buf, dev->sess->sessname);
      |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/block/rnbd/rnbd-clt-sysfs.c:472:67: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
  472 | static int rnbd_clt_get_path_name(struct rnbd_clt_dev *dev, char *buf,
      |                                                             ~~~~~~^~~

This can be simplified by using a single snprintf() to print the
whole buffer, avoiding the undefined behavior.

Fixes: 91f4acb2801c ("block/rnbd-clt: support mapping two devices with the same name from different servers")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
 drivers/block/rnbd/rnbd-clt-sysfs.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/block/rnbd/rnbd-clt-sysfs.c b/drivers/block/rnbd/rnbd-clt-sysfs.c
index d4aa6bfc9555..38251b749664 100644
--- a/drivers/block/rnbd/rnbd-clt-sysfs.c
+++ b/drivers/block/rnbd/rnbd-clt-sysfs.c
@@ -479,11 +479,7 @@ static int rnbd_clt_get_path_name(struct rnbd_clt_dev *dev, char *buf,
 	while ((s = strchr(pathname, '/')))
 		s[0] = '!';
 
-	ret = snprintf(buf, len, "%s", pathname);
-	if (ret >= len)
-		return -ENAMETOOLONG;
-
-	ret = snprintf(buf, len, "%s@%s", buf, dev->sess->sessname);
+	ret = snprintf(buf, len, "%s@%s", pathname, dev->sess->sessname);
 	if (ret >= len)
 		return -ENAMETOOLONG;
 
-- 
2.29.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ