| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bc22e93196284ddece102929ae9f6636358e6716.camel@perches.com>
Date: Fri, 23 Feb 2024 04:47:56 -0800
From: Joe Perches <joe@...ches.com>
To: Lee Jones <lee@...nel.org>
Cc: Justin Stitt <justinstitt@...gle.com>, Andy Whitcroft
<apw@...onical.com>, Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas
Bulwahn <lukas.bulwahn@...il.com>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org, Kees Cook <keescook@...omium.org>, Finn
Thain <fthain@...ux-m68k.org>
Subject: Re: [PATCH v2] checkpatch: add check for snprintf to scnprintf
On Fri, 2024-02-23 at 10:38 +0000, Lee Jones wrote:
> On Wed, 21 Feb 2024, Joe Perches wrote:
>
> > On Wed, 2024-02-21 at 22:11 +0000, Justin Stitt wrote:
> > > I am going to quote Lee Jones who has been doing some snprintf ->
> > > scnprintf refactorings:
> > >
> > > "There is a general misunderstanding amongst engineers that
> > > {v}snprintf() returns the length of the data *actually* encoded into the
> > > destination array. However, as per the C99 standard {v}snprintf()
> > > really returns the length of the data that *would have been* written if
> > > there were enough space for it. This misunderstanding has led to
> > > buffer-overruns in the past. It's generally considered safer to use the
> > > {v}scnprintf() variants in their place (or even sprintf() in simple
> > > cases). So let's do that."
> > >
> > > To help prevent new instances of snprintf() from popping up, let's add a
> > > check to checkpatch.pl.
> > >
> > > Suggested-by: Finn Thain <fthain@...ux-m68k.org>
> > > Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> > > ---
> > > Changes in v2:
> > > - Had a vim moment and deleted a character before sending the patch.
> > > - Replaced the character :)
> > > - Link to v1: https://lore.kernel.org/r/20240221-snprintf-checkpatch-v1-1-3ac5025b5961@google.com
> > > ---
> > > From a discussion here [1].
> > >
> > > [1]: https://lore.kernel.org/all/0f9c95f9-2c14-eee6-7faf-635880edcea4@linux-m68k.org/
> >
> > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> > []
> > > @@ -7012,6 +7012,12 @@ sub process {
> > > "Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90\n" . $herecurr);
> > > }
> > >
> > > +# snprintf uses that should likely be {v}scnprintf
> > > + if ($line =~ /\bsnprintf\s*\(\s*/) {
> > > + WARN("SNPRINTF",
> > > + "Prefer scnprintf over snprintf\n" . $herecurr);
> >
> > There really should be some sort of reference link here
> > similar to the one above this.
> >
> > Also, I rather doubt _all_ of these should be changed just
> > for churn's sake.
>
> This is for new implementations only.
>
> Kees is planning on changing all of the current instances kernel-wide.
I saw that. I also saw pushback.
Not just my own.
Creating a cocci script is easy.
Getting Linus and others to run it isn't.
Powered by blists - more mailing lists