| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240208102939.GF689448@google.com>
Date: Thu, 8 Feb 2024 10:29:39 +0000
From: Lee Jones <lee@...nel.org>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org,
Finn Thain <fthain@...ux-m68k.org>,
Michael Schmitz <schmitzmic@...il.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
drew@...orado.edu, Tnx to <Thomas_Roesch@...maus.de>,
linux-scsi@...r.kernel.org
Subject: Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer
scnprintf() variant
On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
> Hi Lee,
>
> Thanks for your patch!
>
> On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <lee@...nel.org> wrote:
> > There is a general misunderstanding amongst engineers that {v}snprintf()
> > returns the length of the data *actually* encoded into the destination
> > array. However, as per the C99 standard {v}snprintf() really returns
> > the length of the data that *would have been* written if there were
> > enough space for it. This misunderstanding has led to buffer-overruns
> > in the past. It's generally considered safer to use the {v}scnprintf()
> > variants in their place (or even sprintf() in simple cases). So let's
> > do that.
>
> Confused... The return value is not used at all?
Future proofing. The idea of the effort is to rid the use entirely.
- Usage is inside a sysfs handler passing PAGE_SIZE as the size
- s/snprintf/sysfs_emit/
- Usage is inside a sysfs handler passing a bespoke value as the size
- s/snprintf/scnprintf/
- Return value used, but does *not* care about overflow
- s/snprintf/scnprintf/
- Return value used, caller *does* care about overflow
- s/snprintf/seq_buf/
- Return value not used
- s/snprintf/scnprintf/
This is the final case.
> > --- a/drivers/scsi/NCR5380.c
> > +++ b/drivers/scsi/NCR5380.c
> > @@ -421,14 +421,14 @@ static int NCR5380_init(struct Scsi_Host *instance, int flags)
> > if (!hostdata->work_q)
> > return -ENOMEM;
> >
> > - snprintf(hostdata->info, sizeof(hostdata->info),
> > - "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> > - instance->hostt->name, instance->irq, hostdata->io_port,
> > - hostdata->base, instance->can_queue, instance->cmd_per_lun,
> > - instance->sg_tablesize, instance->this_id,
> > - hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> > - hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> > - hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
> > + scnprintf(hostdata->info, sizeof(hostdata->info),
> > + "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> > + instance->hostt->name, instance->irq, hostdata->io_port,
> > + hostdata->base, instance->can_queue, instance->cmd_per_lun,
> > + instance->sg_tablesize, instance->this_id,
> > + hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> > + hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> > + hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
> >
> > NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
> > NCR5380_write(MODE_REG, MR_BASE);
--
Lee Jones [李琼斯]
Powered by blists - more mailing lists