lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YILjXk4lXavneW7H@alley>
Date:   Fri, 23 Apr 2021 17:10:22 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] lib/vsprintf.c: remove leftover 'f' and 'F' cases from
 bstr_printf()

On Fri 2021-04-23 11:45:29, Rasmus Villemoes wrote:
> Commit 9af7706492f9 ("lib/vsprintf: Remove support for %pF and %pf in
> favour of %pS and %ps") removed support for %pF and %pf, and correctly
> removed the handling of those cases in vbin_printf(). However, the
> corresponding cases in bstr_printf() were left behind.
> 
> In the same series, %pf was re-purposed for dealing with
> fwnodes (3bd32d6a2ee6, "lib/vsprintf: Add %pfw conversion specifier
> for printing fwnode names").
> 
> So should anyone use %pf with the binary printf routines,
> vbin_printf() would (correctly, as it involves dereferencing the
> pointer) do the string formatting to the u32 array, but bstr_printf()
> would not copy the string from the u32 array, but instead interpret
> the first sizeof(void*) bytes of the formatted string as a pointer -
> which generally won't end well (also, all subsequent get_args would be
> out of sync).
> 
> Fixes: 9af7706492f9 ("lib/vsprintf: Remove support for %pF and %pf in favour of %pS and %ps")
> Cc: stable@...r.kernel.org
> Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>

Great catch!

The patch is pushed in printk/linux.git, branch for-5.13 now.

I did it quickly because the merge window will likely be opened
next week and this should get in.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ