| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <71bf9b84-462f-405e-91aa-fb21fc6ffbd5@moroto.mountain>
Date: Thu, 7 Sep 2023 14:15:33 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Marion & Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
Longfang Liu <liulongfang@...wei.com>,
"David S. Miller" <davem@...emloft.net>,
Zaibo Xu <xuzaibo@...wei.com>, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: Re: [PATCH] crypto: hisilicon/hpre - Fix a erroneous check after
snprintf()
On Tue, Sep 05, 2023 at 07:27:47AM +0200, Marion & Christophe JAILLET wrote:
> >
> > The other snprintf in the same file also looks suspect.
>
> It looks correct to me.
>
> And HPRE_DBGFS_VAL_MAX_LEN being 20, it doesn't really matter. The string
> can't be truncated with just a "%u\n".
>
drivers/crypto/hisilicon/hpre/hpre_main.c
884 ret = snprintf(tbuf, HPRE_DBGFS_VAL_MAX_LEN, "%u\n", val);
885 return simple_read_from_buffer(buf, count, pos, tbuf, ret);
You can't pass the return value from snprintf() to simple_read_from_buffer().
Otherwise the snprintf() checking turned a sprintf() write overflow into
a read overflow, which is less bad but not ideal. It needs to be
scnprintf().
regards,
dan carpenter
Powered by blists - more mailing lists