lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGG=3QUKdEB9nw=Gxppewww1tzC=hcry1UnZ-j28=RU1KWFm7A@mail.gmail.com>
Date: Fri, 15 Mar 2024 13:14:11 -0700
From: Bill Wendling <morbo@...gle.com>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Andy Whitcroft <apw@...onical.com>, Joe Perches <joe@...ches.com>, 
	Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, 
	linux-kernel@...r.kernel.org, Lee Jones <lee@...nel.org>, 
	linux-hardening@...r.kernel.org, Kees Cook <keescook@...omium.org>, 
	Finn Thain <fthain@...ux-m68k.org>
Subject: Re: [PATCH v3] checkpatch: add check for snprintf to scnprintf

On Fri, Mar 15, 2024 at 1:09 PM Justin Stitt <justinstitt@...gle.com> wrote:
>
> I am going to quote Lee Jones who has been doing some snprintf ->
> scnprintf refactorings:
>
> "There is a general misunderstanding amongst engineers that
> {v}snprintf() returns the length of the data *actually* encoded into the
> destination array.  However, as per the C99 standard {v}snprintf()
> really returns the length of the data that *would have been* written if
> there were enough space for it.  This misunderstanding has led to
> buffer-overruns in the past.  It's generally considered safer to use the
> {v}scnprintf() variants in their place (or even sprintf() in simple
> cases).  So let's do that."
>
> To help prevent new instances of snprintf() from popping up, let's add a
> check to checkpatch.pl.
>
> Suggested-by: Finn Thain <fthain@...ux-m68k.org>
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> ---
> Changes in v3:
> - fix indentation
> - add reference link (https://github.com/KSPP/linux/issues/105) (thanks Joe)
> - Link to v2: https://lore.kernel.org/r/20240221-snprintf-checkpatch-v2-1-9baeb59dae30@google.com
>
> Changes in v2:
> - Had a vim moment and deleted a character before sending the patch.
> - Replaced the character :)
> - Link to v1: https://lore.kernel.org/r/20240221-snprintf-checkpatch-v1-1-3ac5025b5961@google.com
> ---
> From a discussion here [1].
>
> [1]: https://lore.kernel.org/all/0f9c95f9-2c14-eee6-7faf-635880edcea4@linux-m68k.org/
> ---
>  scripts/checkpatch.pl | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 9c4c4a61bc83..69dfb7412014 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -7012,6 +7012,12 @@ sub process {
>                              "Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90\n" . $herecurr);
>                 }
>
> +# snprintf uses that should likely be {v}scnprintf
> +               if ($line =~ /\bsnprintf\s*\(\s*/) {

Should this check for the 'vsnprintf' variant as well?

-bw

> +                       WARN("SNPRINTF",
> +                            "Prefer scnprintf over snprintf - see: https://github.com/KSPP/linux/issues/105\n" . $herecurr);
> +               }
> +
>  # ethtool_sprintf uses that should likely be ethtool_puts
>                 if ($line =~ /\bethtool_sprintf\s*\(\s*$FuncArg\s*,\s*$FuncArg\s*\)/) {
>                         if (WARN("PREFER_ETHTOOL_PUTS",
>
> ---
> base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d
> change-id: 20240221-snprintf-checkpatch-a864ed67ebd0
>
> Best regards,
> --
> Justin Stitt <justinstitt@...gle.com>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ