linux-kernel - Re: [PATCH] block/rnbd-clt: fix overlapping snprintf arguments

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date:   Wed, 24 Mar 2021 11:34:08 +0100
From:   Jinpu Wang <jinpu.wang@...os.com>
To:     Arnd Bergmann <arnd@...nel.org>
Cc:     Danil Kipnis <danil.kipnis@...ud.ionos.com>,
        Jack Wang <jinpu.wang@...ud.ionos.com>,
        Jens Axboe <axboe@...nel.dk>,
        Guoqing Jiang <guoqing.jiang@...ud.ionos.com>,
        Gioh Kim <gi-oh.kim@...ud.ionos.com>,
        Md Haris Iqbal <haris.iqbal@...ud.ionos.com>,
        Arnd Bergmann <arnd@...db.de>,
        Colin Ian King <colin.king@...onical.com>,
        linux-block <linux-block@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] block/rnbd-clt: fix overlapping snprintf arguments

On Tue, Mar 23, 2021 at 1:55 PM Arnd Bergmann <arnd@...nel.org> wrote:
>
> From: Arnd Bergmann <arnd@...db.de>
>
> The -Wrestrict warning (disabled by default) points out undefined
> behavior calling snprintf():
>
> drivers/block/rnbd/rnbd-clt-sysfs.c: In function 'rnbd_clt_get_path_name':
> drivers/block/rnbd/rnbd-clt-sysfs.c:486:8: error: 'snprintf' argument 4 overlaps destination object 'buf' [-Werror=restrict]
>   486 |  ret = snprintf(buf, len, "%s@%s", buf, dev->sess->sessname);
>       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/block/rnbd/rnbd-clt-sysfs.c:472:67: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
>   472 | static int rnbd_clt_get_path_name(struct rnbd_clt_dev *dev, char *buf,
>       |                                                             ~~~~~~^~~
>
> This can be simplified by using a single snprintf() to print the
> whole buffer, avoiding the undefined behavior.
>
> Fixes: 91f4acb2801c ("block/rnbd-clt: support mapping two devices with the same name from different servers")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  drivers/block/rnbd/rnbd-clt-sysfs.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/block/rnbd/rnbd-clt-sysfs.c b/drivers/block/rnbd/rnbd-clt-sysfs.c
> index d4aa6bfc9555..38251b749664 100644
> --- a/drivers/block/rnbd/rnbd-clt-sysfs.c
> +++ b/drivers/block/rnbd/rnbd-clt-sysfs.c
> @@ -479,11 +479,7 @@ static int rnbd_clt_get_path_name(struct rnbd_clt_dev *dev, char *buf,
>         while ((s = strchr(pathname, '/')))
>                 s[0] = '!';
>
> -       ret = snprintf(buf, len, "%s", pathname);
> -       if (ret >= len)
> -               return -ENAMETOOLONG;
> -
> -       ret = snprintf(buf, len, "%s@%s", buf, dev->sess->sessname);
> +       ret = snprintf(buf, len, "%s@%s", pathname, dev->sess->sessname);
>         if (ret >= len)
>                 return -ENAMETOOLONG;
>
> --
> 2.29.2
>
Thanks Arnd, We have a same patch will send out soon as part of a
bigger patchset.