Open Source and information security mailing list archives
Message-ID: <545ee89e-9d51-4dff-a57e-f4e18af6c0eb@icloud.com>
Date: Sat, 11 Jan 2025 07:33:09 +0800
From: Zijun Hu <zijun_hu@...oud.com>
To: Rob Herring <robh@...nel.org>
Cc: Saravana Kannan <saravanak@...gle.com>, Maxime Ripard
 <mripard@...nel.org>, Robin Murphy <robin.murphy@....com>,
 Grant Likely <grant.likely@...retlab.ca>, Marc Zyngier <maz@...nel.org>,
 Andreas Herrmann <andreas.herrmann@...xeda.com>,
 Marek Szyprowski <m.szyprowski@...sung.com>,
 Catalin Marinas <catalin.marinas@....com>, Mike Rapoport <rppt@...nel.org>,
 Oreoluwa Babatunde <quic_obabatun@...cinc.com>, devicetree@...r.kernel.org,
 linux-kernel@...r.kernel.org, Zijun Hu <quic_zijuhu@...cinc.com>
Subject: Re: [PATCH v4 05/14] of: Fix available buffer size calculating error
 in API of_device_uevent_modalias()

On 2025/1/11 01:48, Rob Herring wrote:
> On Thu, Jan 09, 2025 at 09:26:56PM +0800, Zijun Hu wrote:
>> From: Zijun Hu <quic_zijuhu@...cinc.com>
>>
>> of_device_uevent_modalias() saves MODALIAS value from offset
>> (@env->buflen - 1), so the available buffer size should be
>> (sizeof(@env->buf) - @env->buflen + 1), but it uses the wrong
>> size (sizeof(@env->buf) - @env->buflen).
>>
>> Fix by using size of space from char '\0' inclusive which ends "MODALIAS=".
> 
> I prefer to get the printf specifier change merged rather than reviewing 
> if this is correct and doesn't introduce any new bugs. We're 
> underutilizing the buffer by 1 byte. I doubt anyone will ever hit that and 
> it's not any worse than if they exceed the correct size of the buffer.
> 

Got it. You are right.

The previous series, v3, contains 3 patches related to MODALIAS, and I
keep this patch and drop the other 2 patches in this v4 series.

My thoughts about keeping this one are shown below:

1) This simple patch may record the evolution history of the function.
2) You once gave suggestions about this change.
3) The printf specifier fix for the issue derives from discussion of
this change.

>>
>> Fixes: dd27dcda37f0 ("of/device: merge of_device_uevent")
>> Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
>> ---
>>  drivers/of/device.c | 14 ++++++++++----
>>  1 file changed, 10 insertions(+), 4 deletions(-)
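
The size calculation described in the quoted commit message, as an added user-space C model (not code from the patch or from the kernel). The names `env_model`, `env_add`, `env_set_value`, `try_value` and the 32-byte buffer are hypothetical, chosen so the one-byte difference is easy to see.

```c
#include <stdio.h>
#include <string.h>

#define ENV_BUF_SIZE 32   /* constructed small size, not the kernel's value */

struct env_model {        /* hypothetical stand-in for the uevent environment */
    char buf[ENV_BUF_SIZE];
    size_t buflen;        /* bytes used, counting each string's '\0' */
};

/* Append key plus its terminating '\0', as is done for "MODALIAS=". */
static int env_add(struct env_model *env, const char *key)
{
    size_t n = strlen(key) + 1;
    if (n > sizeof(env->buf) - env->buflen)
        return -1;
    memcpy(env->buf + env->buflen, key, n);
    env->buflen += n;
    return 0;
}

/* Write value over the key's trailing '\0', i.e. from offset buflen - 1.
 * fixed == 0: size = sizeof(buf) - buflen      (calculation being fixed)
 * fixed == 1: size = sizeof(buf) - buflen + 1  (counts the overwritten '\0')
 * Returns 0 on success, -1 when the value does not fit in that size. */
static int env_set_value(struct env_model *env, const char *value, int fixed)
{
    size_t avail = sizeof(env->buf) - env->buflen + (fixed ? 1 : 0);
    int sl = snprintf(env->buf + env->buflen - 1, avail, "%s", value);
    if (sl < 0 || (size_t)sl >= avail)
        return -1;
    env->buflen += (size_t)sl;
    return 0;
}

/* Try a constructed value of value_len characters after "MODALIAS=". */
int try_value(size_t value_len, int fixed)
{
    struct env_model env = { .buflen = 0 };
    char value[ENV_BUF_SIZE];
    if (value_len >= sizeof(value))
        return -1;
    memset(value, 'a', value_len);
    value[value_len] = '\0';
    if (env_add(&env, "MODALIAS="))
        return -1;
    return env_set_value(&env, value, fixed);
}
```

With a 32-byte buffer, "MODALIAS=" leaves room for a 22-character value plus its terminator; the smaller size rejects that value without writing past the buffer, which matches the "underutilizing the buffer by 1 byte" remark in the reply.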

