lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 25 Mar 2022 06:52:33 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'NeilBrown' <neilb@...e.de>, Haowen Bai <baihaowen@...zu.com>
CC:     "trond.myklebust@...merspace.com" <trond.myklebust@...merspace.com>,
        "anna@...nel.org" <anna@...nel.org>,
        "chuck.lever@...cle.com" <chuck.lever@...cle.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Haowen Bai <baihaowen@...zu.com>
Subject: RE: [PATCH] SUNRPC: Increase size of servername string

From: NeilBrown
> Sent: 25 March 2022 02:07
> 
> On Thu, 24 Mar 2022, Haowen Bai wrote:
> > This patch will fix the warning from smatch:
> >
> > net/sunrpc/clnt.c:562 rpc_create() error: snprintf() chops off
> > the last chars of 'sun->sun_path': 108 vs 48
> >
> > Signed-off-by: Haowen Bai <baihaowen@...zu.com>
> > ---
> >  net/sunrpc/clnt.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> > index c83fe61..6e0209e 100644
> > --- a/net/sunrpc/clnt.c
> > +++ b/net/sunrpc/clnt.c
> > @@ -526,7 +526,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
> >  		.servername = args->servername,
> >  		.bc_xprt = args->bc_xprt,
> >  	};
> > -	char servername[48];
> > +	char servername[108];
> 
> It would be much nicer to use UNIX_PATH_MAX

No on-stack....

Given the use:

	if (xprtargs.servername == NULL) {
		struct sockaddr_un *sun =
				(struct sockaddr_un *)args->address;
		struct sockaddr_in *sin =
				(struct sockaddr_in *)args->address;
		struct sockaddr_in6 *sin6 =
				(struct sockaddr_in6 *)args->address;

		servername[0] = '\0';
		switch (args->address->sa_family) {
		case AF_LOCAL:
			snprintf(servername, sizeof(servername), "%s",
				 sun->sun_path);
			break;
		case AF_INET:
			snprintf(servername, sizeof(servername), "%pI4",
				 &sin->sin_addr.s_addr);
			break;
		case AF_INET6:
			snprintf(servername, sizeof(servername), "%pI6",
				 &sin6->sin6_addr);
			break;
		default:
			/* caller wants default server name, but
			 * address family isn't recognized. */
			return ERR_PTR(-EINVAL);
		}
		xprtargs.servername = servername;
	}

It looks like the AF_LOCAL case could be:
		xprtargs.servername = sun->sun_path;
Then the buffer only needs to be big enough for the IPv6 address.
For which 40 is enough.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ