lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a87d99c0-4527-1430-996b-b30826ecc752@prevas.dk>
Date:   Tue, 23 Mar 2021 14:29:15 +0100
From:   Rasmus Villemoes <rasmus.villemoes@...vas.dk>
To:     Arnd Bergmann <arnd@...nel.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Zhang Qilong <zhangqilong3@...wei.com>,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Input: analog - fix invalid snprintf() call

On 23/03/2021 14.14, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@...db.de>
> 
> overlapping input and output arguments to snprintf() are
> undefined behavior in C99:
> 

Good luck:
https://lore.kernel.org/lkml/1457469654-17059-1-git-send-email-linux@rasmusvillemoes.dk/

At least 5 years ago the consensus from old-timers was that "the
kernel's snprintf supports this use case, just keep it working that way".

> diff --git a/drivers/input/joystick/analog.c b/drivers/input/joystick/analog.c
> index f798922a4598..8c9fed3f13e2 100644
> --- a/drivers/input/joystick/analog.c
> +++ b/drivers/input/joystick/analog.c
> @@ -419,14 +419,16 @@ static void analog_calibrate_timer(struct analog_port *port)
>  
>  static void analog_name(struct analog *analog)
>  {
> -	snprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
> +	int len;
> +
> +	len = snprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
>  		 hweight8(analog->mask & ANALOG_AXES_STD),
>  		 hweight8(analog->mask & ANALOG_BTNS_STD) + !!(analog->mask & ANALOG_BTNS_CHF) * 2 +
>  		 hweight16(analog->mask & ANALOG_BTNS_GAMEPAD) + !!(analog->mask & ANALOG_HBTN_CHF) * 4);
>  
>  	if (analog->mask & ANALOG_HATS_ALL)
> -		snprintf(analog->name, sizeof(analog->name), "%s %d-hat",
> -			 analog->name, hweight16(analog->mask & ANALOG_HATS_ALL));
> +		len += snprintf(analog->name + len, sizeof(analog->name) - len, "%d-hat",
> +			 hweight16(analog->mask & ANALOG_HATS_ALL));

Use scnprintf, this is too fragile and hard to verify. If the first
snprintf overflows, the second passes a huge size_t to snprintf which
will WARN.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ