Message-Id: <20250308093452.3742-5-david.laight.linux@gmail.com>
Date: Sat,  8 Mar 2025 09:34:48 +0000
From: David Laight <david.laight.linux@...il.com>
To: linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Cc: David Laight <david.laight.linux@...il.com>,
	Arnd Bergmann <arnd@...db.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Christophe Leroy <christophe.leroy@....fr>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	nnac123@...ux.ibm.com,
	horms@...nel.org
Subject: [PATCH next 4/8] test_hexdump: Check for buffer overrun of sample output buffer

While the output generated by test_hexdump_prepare_test() shouldn't
be longer than the size of the buffer passed, for safety verify that
the buffer is long enough.
If too short fill the buffer with an error message - output on
test failure.

Signed-off-by: David Laight <david.laight.linux@...il.com>
---
 lib/test_hexdump.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/test_hexdump.c b/lib/test_hexdump.c
index 743ea5c78f9e..ed6f0b0a1bb3 100644
--- a/lib/test_hexdump.c
+++ b/lib/test_hexdump.c
@@ -39,6 +39,14 @@ static size_t __init test_hexdump_prepare_test(size_t len, size_t rowsize,
 		groupsize = 1;
 	byteswap = IS_ENABLED(CONFIG_CPU_BIG_ENDIAN) ? 0 : groupsize - 1;
 
+	/* Check test passed a big enough output buffer */
+	if (ascii)
+		i = rowsize * 2 + rowsize / groupsize + 1 + len + 1;
+	else
+		i = len * 2 + len / groupsize - 1 + 1;
+	if (i > testlen)
+		return scnprintf(test, testlen, "buffer too short %zu < %zu", testlen, i);
+
 	/* hex dump */
 	p = test;
 	for (i = 0, j = 0; i < len; i++) {
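
Review bot: The two size expressions assigned to `i` in the new check are undocumented, and a reader cannot tell which term stands for what. In `rowsize * 2 + rowsize / groupsize + 1 + len + 1` and `len * 2 + len / groupsize - 1 + 1`, please add a comment naming each term (hex digits, group separators, padding, ASCII column, terminator), and say why the ascii branch is sized from `rowsize` while the non-ascii branch is sized from `len`. The `- 1 + 1` pair in particular reads like a leftover unless it is explained. It would also be clearer to hold the required size in a dedicated variable rather than reusing the loop counter `i`, which is reassigned by the `for (i = 0, j = 0; ...)` loop directly below. Since that variable is printed with `%zu`, it needs to be a `size_t`, and the declaration of `i` is not visible in this hunk to confirm that. Finally, `scnprintf()` here returns the length of the error text, so the function's return value is the length of that message rather than of a hex dump. The commit message says this is intended, and a one-line comment at the `return` would make that explicit in the code.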
-- 
2.39.5

