lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0282be6f-e8ac-4428-a2ac-1ea6b7c25f4a@linux.dev>
Date: Thu, 15 Aug 2024 16:30:20 +0800
From: Kunwu Chan <kunwu.chan@...ux.dev>
To: NeilBrown <neilb@...e.de>
Cc: trondmy@...nel.org, anna@...nel.org, chuck.lever@...cle.com,
 jlayton@...nel.org, kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, Kunwu Chan <chentao@...inos.cn>
Subject: Re: [PATCH] SUNRPC: Fix -Wformat-truncation warning

Thanks for your reply.

On 2024/8/14 18:28, NeilBrown wrote:
> On Wed, 14 Aug 2024, kunwu.chan@...ux.dev wrote:
>> From: Kunwu Chan <chentao@...inos.cn>
>>
>> Increase size of the servername array to avoid truncated output warning.
>>
>> net/sunrpc/clnt.c:582:75: error:‘%s’ directive output may be truncated
>> writing up to 107 bytes into a region of size 48
>> [-Werror=format-truncation=]
>>    582 |                   snprintf(servername, sizeof(servername), "%s",
>>        |                                                             ^~
>>
>> net/sunrpc/clnt.c:582:33: note:‘snprintf’ output
>> between 1 and 108 bytes into a destination of size 48
>>    582 |                     snprintf(servername, sizeof(servername), "%s",
>>        |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>    583 |                                          sun->sun_path);
>>
>> Signed-off-by: Kunwu Chan <chentao@...inos.cn>
>> ---
>>   net/sunrpc/clnt.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
>> index 09f29a95f2bc..874085f3ed50 100644
>> --- a/net/sunrpc/clnt.c
>> +++ b/net/sunrpc/clnt.c
>> @@ -546,7 +546,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
>>   		.connect_timeout = args->connect_timeout,
>>   		.reconnect_timeout = args->reconnect_timeout,
>>   	};
>> -	char servername[48];
>> +	char servername[108];
> If we choose this approach to removing the warning, then we should use
> UNIX_PATH_MAX rather than 108.
My negligence.
>
> However the longest server name copied in here will in practice be
>     /var/run/rpcbind.sock
>
> so the extra 60 bytes on the stack is wasted ...  maybe that doesn't
> matter.
I'm thinking  about use a dynamic space alloc method like kasprintf to 
avoid space waste.
> The string is only used by xprt_create_transport() which requires it to
> be less than RPC_MAXNETNAMELEN - which is 256.
> So maybe that would be a better value to use for the array size ....  if
> we assume that stack space isn't a problem.

Thank you for the detailed explanation. I read the 
xprt_create_transport,  the RPC_MAXNETNAMELEN

is only use to xprt_create_transport .

> What ever number we use, I'd rather it was a defined constant, and not
> an apparently arbitrary number.

Whether we could check the sun->sun_path length before using snprintf?  
The array size should smaller

than  the minimum of sun->sun_path and RPC_MAXNETNAMELEN.

Or use the dynamic space allocate method to save space.

>
> Thanks,
> NeilBrown
>
>
>>   	struct rpc_clnt *clnt;
>>   	int i;
>>   
>> -- 
>> 2.40.1
>>
>>
-- 
Thanks,
   Kunwu.Chan


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ