lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <PH0PR21MB3025B7DD8FB6F44BF45334A7D79F9@PH0PR21MB3025.namprd21.prod.outlook.com>
Date:   Thu, 4 Aug 2022 18:38:24 +0000
From:   "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To:     Saurabh Sengar <ssengar@...ux.microsoft.com>,
        "song@...nel.org" <song@...nel.org>, "shli@...com" <shli@...com>,
        "neilb@...e.com" <neilb@...e.com>,
        "linux-raid@...r.kernel.org" <linux-raid@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Saurabh Singh Sengar <ssengar@...rosoft.com>
Subject: RE: [PATCH] md : Replace snprintf with scnprintf

From: Saurabh Sengar <ssengar@...ux.microsoft.com> Sent: Thursday, August 4, 2022 10:26 AM
> 
> Current code produces a warning as shown below when total characters
> in the constituent block device names plus the slashes exceeds 200.
> snprintf() returns the number of characters generated from the given
> input, which could cause the expression “200 – len” to wrap around
> to a large positive number. Fix this by using scnprintf() instead,
> which returns the actual number of characters written into the buffer.
> 
> [ 1513.267938] ------------[ cut here ]------------
> [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509
> vsnprintf+0x2c8/0x510
> [ 1513.267944] Modules linked in:  <snip>
> [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure
> #90~18.04.1-Ubuntu
> [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual
> Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
> [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
> <-snip->
> [ 1513.267982] Call Trace:
> [ 1513.267986]  snprintf+0x45/0x70
> [ 1513.267990]  ? disk_name+0x71/0xa0
> [ 1513.267993]  dump_zones+0x114/0x240 [raid0]
> [ 1513.267996]  ? _cond_resched+0x19/0x40
> [ 1513.267998]  raid0_run+0x19e/0x270 [raid0]
> [ 1513.268000]  md_run+0x5e0/0xc50
> [ 1513.268003]  ? security_capable+0x3f/0x60
> [ 1513.268005]  do_md_run+0x19/0x110
> [ 1513.268006]  md_ioctl+0x195e/0x1f90
> [ 1513.268007]  blkdev_ioctl+0x91f/0x9f0
> [ 1513.268010]  block_ioctl+0x3d/0x50
> [ 1513.268012]  do_vfs_ioctl+0xa9/0x640
> [ 1513.268014]  ? __fput+0x162/0x260
> [ 1513.268016]  ksys_ioctl+0x75/0x80
> [ 1513.268017]  __x64_sys_ioctl+0x1a/0x20
> [ 1513.268019]  do_syscall_64+0x5e/0x200
> [ 1513.268021]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> 
> Fixes: 766038846e875 ("md/raid0: replace printk() with pr_*()")
> Signed-off-by: Saurabh Sengar <ssengar@...ux.microsoft.com>
> ---
>  drivers/md/raid0.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
> index b21e101..b6f0fc1 100644
> --- a/drivers/md/raid0.c
> +++ b/drivers/md/raid0.c
> @@ -48,7 +48,7 @@ static void dump_zones(struct mddev *mddev)
>  		int len = 0;
> 
>  		for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
> -			len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
> +			len += scnprintf(line+len, 200-len, "%s%s", k?"/":"",
>  					bdevname(conf->devlist[j*raid_disks
>  							       + k]->bdev, b));
>  		pr_debug("md: zone%d=[%s]\n", j, line);
> --
> 1.8.3.1

Reviewed-by: Michael Kelley <mikelley@...rosoft.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ