| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Dec 2023 03:07:36 +0800
From: kernel test robot <lkp@...el.com>
To: Daniel Axtens <dja@...ens.net>
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org,
Francis Laniel <laniel_francis@...vacyrequired.com>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Linux Memory Management List <linux-mm@...ck.org>
Subject: drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output
may be truncated writing up to 254 bytes into a region of size between 0 and
4095
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f2e8a57ee9036c7d5443382b6c3c09b51a92ec7e
commit: 6a39e62abbafd1d58d1722f40c7d26ef379c6a2f lib: string.h: detect intra-object overflow in fortified string functions
date: 3 years ago
config: arm64-allmodconfig (https://download.01.org/0day-ci/archive/20231210/202312100355.lHoJPgKy-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231210/202312100355.lHoJPgKy-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202312100355.lHoJPgKy-lkp@intel.com/
All warnings (new ones prefixed by >>):
drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':
>> drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~
In function 'rnbd_srv_get_full_path',
inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14:
drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
617 | dev_search_path, dev_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +616 drivers/block/rnbd/rnbd-srv.c
2de6c8de192b934 Jack Wang 2020-05-11 588
2de6c8de192b934 Jack Wang 2020-05-11 589 static char *rnbd_srv_get_full_path(struct rnbd_srv_session *srv_sess,
2de6c8de192b934 Jack Wang 2020-05-11 590 const char *dev_name)
2de6c8de192b934 Jack Wang 2020-05-11 591 {
2de6c8de192b934 Jack Wang 2020-05-11 592 char *full_path;
2de6c8de192b934 Jack Wang 2020-05-11 593 char *a, *b;
2de6c8de192b934 Jack Wang 2020-05-11 594
2de6c8de192b934 Jack Wang 2020-05-11 595 full_path = kmalloc(PATH_MAX, GFP_KERNEL);
2de6c8de192b934 Jack Wang 2020-05-11 596 if (!full_path)
2de6c8de192b934 Jack Wang 2020-05-11 597 return ERR_PTR(-ENOMEM);
2de6c8de192b934 Jack Wang 2020-05-11 598
2de6c8de192b934 Jack Wang 2020-05-11 599 /*
2de6c8de192b934 Jack Wang 2020-05-11 600 * Replace %SESSNAME% with a real session name in order to
2de6c8de192b934 Jack Wang 2020-05-11 601 * create device namespace.
2de6c8de192b934 Jack Wang 2020-05-11 602 */
2de6c8de192b934 Jack Wang 2020-05-11 603 a = strnstr(dev_search_path, "%SESSNAME%", sizeof(dev_search_path));
2de6c8de192b934 Jack Wang 2020-05-11 604 if (a) {
2de6c8de192b934 Jack Wang 2020-05-11 605 int len = a - dev_search_path;
2de6c8de192b934 Jack Wang 2020-05-11 606
2de6c8de192b934 Jack Wang 2020-05-11 607 len = snprintf(full_path, PATH_MAX, "%.*s/%s/%s", len,
2de6c8de192b934 Jack Wang 2020-05-11 608 dev_search_path, srv_sess->sessname, dev_name);
2de6c8de192b934 Jack Wang 2020-05-11 609 if (len >= PATH_MAX) {
2de6c8de192b934 Jack Wang 2020-05-11 610 pr_err("Too long path: %s, %s, %s\n",
2de6c8de192b934 Jack Wang 2020-05-11 611 dev_search_path, srv_sess->sessname, dev_name);
2de6c8de192b934 Jack Wang 2020-05-11 612 kfree(full_path);
2de6c8de192b934 Jack Wang 2020-05-11 613 return ERR_PTR(-EINVAL);
2de6c8de192b934 Jack Wang 2020-05-11 614 }
2de6c8de192b934 Jack Wang 2020-05-11 615 } else {
2de6c8de192b934 Jack Wang 2020-05-11 @616 snprintf(full_path, PATH_MAX, "%s/%s",
2de6c8de192b934 Jack Wang 2020-05-11 617 dev_search_path, dev_name);
2de6c8de192b934 Jack Wang 2020-05-11 618 }
2de6c8de192b934 Jack Wang 2020-05-11 619
2de6c8de192b934 Jack Wang 2020-05-11 620 /* eliminitate duplicated slashes */
2de6c8de192b934 Jack Wang 2020-05-11 621 a = strchr(full_path, '/');
2de6c8de192b934 Jack Wang 2020-05-11 622 b = a;
2de6c8de192b934 Jack Wang 2020-05-11 623 while (*b != '\0') {
2de6c8de192b934 Jack Wang 2020-05-11 624 if (*b == '/' && *a == '/') {
2de6c8de192b934 Jack Wang 2020-05-11 625 b++;
2de6c8de192b934 Jack Wang 2020-05-11 626 } else {
2de6c8de192b934 Jack Wang 2020-05-11 627 a++;
2de6c8de192b934 Jack Wang 2020-05-11 628 *a = *b;
2de6c8de192b934 Jack Wang 2020-05-11 629 b++;
2de6c8de192b934 Jack Wang 2020-05-11 630 }
2de6c8de192b934 Jack Wang 2020-05-11 631 }
2de6c8de192b934 Jack Wang 2020-05-11 632 a++;
2de6c8de192b934 Jack Wang 2020-05-11 633 *a = '\0';
2de6c8de192b934 Jack Wang 2020-05-11 634
2de6c8de192b934 Jack Wang 2020-05-11 635 return full_path;
2de6c8de192b934 Jack Wang 2020-05-11 636 }
2de6c8de192b934 Jack Wang 2020-05-11 637
:::::: The code at line 616 was first introduced by commit
:::::: 2de6c8de192b9341ffa5e84afe1ce6196d4eef41 block/rnbd: server: main functionality
:::::: TO: Jack Wang <jinpu.wang@...ud.ionos.com>
:::::: CC: Jason Gunthorpe <jgg@...lanox.com>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists