Message-ID: <CAH4c4jLAQghiQXMVB3-pYhoE0HiFPHdN3d7LT0rVCmJ-o6SP=A@mail.gmail.com>
Date: Tue, 1 Jul 2025 16:59:23 +0530
From: Pranav Tyagi <pranav.tyagi03@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, chentao@...inos.cn, 
	skhan@...uxfoundation.org, linux-kernel-mentees@...ts.linux.dev
Subject: Re: [PATCH] firmware/memmap: use scnprintf() in show funcs

On Tue, Jul 1, 2025 at 3:57 PM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Fri, Jun 13, 2025 at 07:14:49PM +0530, Pranav Tyagi wrote:
> > Replace all snprintf() instances with scnprintf(). snprintf() returns
> > the number of bytes that would have been written had there been enough
> > space. For sysfs attributes, snprintf() should not be used for the
> > show() method. Instead use scnprintf() which returns the number of bytes
> > actually written.
>
> for sysfs attributes, sysfs_emit() should be used instead.  Why not do
> that here?
>
> But what is wrong with the current code?  Is it not working properly?
>
> thanks,
>
> greg k-h

I had sent this patch earlier along with a few others of similar
nature. The code in question was working correctly. However, the
intent was to perform cleanups based on documentation guidance.

Specifically, for sysfs attributes, the documentation discourages
using snprintf() in the show() method since it returns the
number of bytes that would have been written, not the number
actually written. This can potentially lead to buffer overflows.

You had previously pointed out that either sysfs_emit() should
be used or the code should be left unchanged if it is working
correctly. To avoid unnecessary churn, I decided to drop those
(including this one) patches entirely.

Regards
Pranav Tyagi
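
The return-value difference discussed in this thread, as an added example that is not part of the original message or of the kernel patch. `scnprintf_demo()` is a userland stand-in for the kernel's scnprintf(); the helper names, the 8-byte buffer and the sample value are constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Userland stand-in (assumption, not kernel code) for scnprintf():
 * returns the number of characters actually stored in buf, excluding
 * the trailing NUL, and 0 when size is 0. */
static int scnprintf_demo(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    /* On truncation vsnprintf() reports the untruncated length; clamp it. */
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Hypothetical show()-style helper: the return value is handed back to the
 * caller as "bytes in buf". With snprintf() it can exceed size. */
static int show_with_snprintf(char *buf, size_t size, unsigned long long start)
{
    return snprintf(buf, size, "0x%llx\n", start);
}

/* Same helper, but the reported length never exceeds what was stored. */
static int show_with_scnprintf(char *buf, size_t size, unsigned long long start)
{
    return scnprintf_demo(buf, size, "0x%llx\n", start);
}

int main(void)
{
    char buf[8];                                  /* constructed: deliberately small */
    unsigned long long start = 0x123456789abcULL; /* constructed sample value */
    int would_be = show_with_snprintf(buf, sizeof(buf), start);
    int stored = show_with_scnprintf(buf, sizeof(buf), start);

    /* A caller trusting would_be as a length would read or advance past buf. */
    printf("snprintf: %d, scnprintf-style: %d, buf: \"%s\"\n",
           would_be, stored, buf);
    return 0;
}
```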
