lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADf5TKvyKvaP3eZUR81ND6JQUfVqUEroCrXp=joZ8GHdu2EBbA@mail.gmail.com>
Date: Sun, 22 Jun 2025 22:09:58 +0330
From: Amir Mohammad Jahangirzad <a.jahangirzad@...il.com>
To: hubcap@...ibond.com
Cc: martin@...ibond.com, devel@...ts.orangefs.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fs/orangefs: use snprintf() instead of sprintf()

On Sun, Jun 8, 2025 at 8:06 PM Amir Mohammad Jahangirzad
<a.jahangirzad@...il.com> wrote:
>
> sprintf() is discouraged for use with bounded destination buffers
> as it does not prevent buffer overflows when the formatted output
> exceeds the destination buffer size. snprintf() is a safer
> alternative as it limits the number of bytes written and ensures
> NUL-termination.
>
> Replace sprintf() with snprintf() for copying the debug string
> into a temporary buffer, using ORANGEFS_MAX_DEBUG_STRING_LEN as
> the maximum size to ensure safe formatting and prevent memory
> corruption in edge cases.
>
>
> Signed-off-by: Amir Mohammad Jahangirzad <a.jahangirzad@...il.com>
> ---
>  fs/orangefs/orangefs-debugfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
> index f7095c91660c..e1613e0847e8 100644
> --- a/fs/orangefs/orangefs-debugfs.c
> +++ b/fs/orangefs/orangefs-debugfs.c
> @@ -396,7 +396,7 @@ static ssize_t orangefs_debug_read(struct file *file,
>                 goto out;
>
>         mutex_lock(&orangefs_debug_lock);
> -       sprintf_ret = sprintf(buf, "%s", (char *)file->private_data);
> +       sprintf_ret = snprintf(buf, ORANGEFS_MAX_DEBUG_STRING_LEN, "%s", (char *)file->private_data);
>         mutex_unlock(&orangefs_debug_lock);
>
>         read_ret = simple_read_from_buffer(ubuf, count, ppos, buf, sprintf_ret);
> --
> 2.43.0
>

Hi there,

Just following up to see if there's anything you'd like me to change or
address in the patch before it can move forward.

Please let me know if any updates are needed.

Regards,
Amir Mohammad Jahangirzad

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ