| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <59d78829-6744-420c-bb8e-f015ca76ecae@linux.dev> Date: Fri, 16 Aug 2024 09:52:56 +0800 From: Kunwu Chan <kunwu.chan@...ux.dev> To: NeilBrown <neilb@...e.de> Cc: trondmy@...nel.org, anna@...nel.org, chuck.lever@...cle.com, jlayton@...nel.org, kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, linux-nfs@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Kunwu Chan <chentao@...inos.cn> Subject: Re: [PATCH] SUNRPC: Fix -Wformat-truncation warning Thanks for your reply. On 2024/8/15 19:39, NeilBrown wrote: > On Thu, 15 Aug 2024, Kunwu Chan wrote: >> Thanks for your reply. >> >> On 2024/8/14 18:28, NeilBrown wrote: >>> On Wed, 14 Aug 2024, kunwu.chan@...ux.dev wrote: >>>> From: Kunwu Chan <chentao@...inos.cn> >>>> >>>> Increase size of the servername array to avoid truncated output warning. >>>> >>>> net/sunrpc/clnt.c:582:75: error:‘%s’ directive output may be truncated >>>> writing up to 107 bytes into a region of size 48 >>>> [-Werror=format-truncation=] >>>> 582 | snprintf(servername, sizeof(servername), "%s", >>>> | ^~ >>>> >>>> net/sunrpc/clnt.c:582:33: note:‘snprintf’ output >>>> between 1 and 108 bytes into a destination of size 48 >>>> 582 | snprintf(servername, sizeof(servername), "%s", >>>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>> 583 | sun->sun_path); >>>> >>>> Signed-off-by: Kunwu Chan <chentao@...inos.cn> >>>> --- >>>> net/sunrpc/clnt.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c >>>> index 09f29a95f2bc..874085f3ed50 100644 >>>> --- a/net/sunrpc/clnt.c >>>> +++ b/net/sunrpc/clnt.c >>>> @@ -546,7 +546,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args) >>>> .connect_timeout = args->connect_timeout, >>>> .reconnect_timeout = args->reconnect_timeout, >>>> }; >>>> - char servername[48]; >>>> + char servername[108]; >>> If we choose this approach to removing the warning, then we should use >>> UNIX_PATH_MAX rather than 108. >> My negligence. >>> However the longest server name copied in here will in practice be >>> /var/run/rpcbind.sock >>> >>> so the extra 60 bytes on the stack is wasted ... maybe that doesn't >>> matter. >> I'm thinking about use a dynamic space alloc method like kasprintf to >> avoid space waste. >>> The string is only used by xprt_create_transport() which requires it to >>> be less than RPC_MAXNETNAMELEN - which is 256. >>> So maybe that would be a better value to use for the array size .... if >>> we assume that stack space isn't a problem. >> Thank you for the detailed explanation. I read the >> xprt_create_transport, the RPC_MAXNETNAMELEN >> >> is only use to xprt_create_transport . >> >>> What ever number we use, I'd rather it was a defined constant, and not >>> an apparently arbitrary number. >> Whether we could check the sun->sun_path length before using snprintf? >> The array size should smaller >> >> than the minimum of sun->sun_path and RPC_MAXNETNAMELEN. >> >> Or use the dynamic space allocate method to save space. > I think that dynamically allocating space is not a good idea. It means > you have to handle failure which is just a waste of code. > > I'd suggest simply changing the array to RPC_MAXNETNAMELEN. I'll follow your suggestion and change it in v2. > > NeilBrown > > > >>> Thanks, >>> NeilBrown >>> >>> >>>> struct rpc_clnt *clnt; >>>> int i; >>>> >>>> -- >>>> 2.40.1 >>>> >>>> >> -- >> Thanks, >> Kunwu.Chan >> >> -- Thanks, Kunwu.Chan
Powered by blists - more mailing lists