Message-ID: <CY8PR11MB7134D3D5446423DD485F0A438957A@CY8PR11MB7134.namprd11.prod.outlook.com>
Date: Tue, 15 Jul 2025 01:37:08 +0000
From: "Zhuo, Qiuxu" <qiuxu.zhuo@...el.com>
To: Wang Haoran <haoranwangsec@...il.com>, "Luck, Tony" <tony.luck@...el.com>,
	"bp@...en8.de" <bp@...en8.de>
CC: "james.morse@....com" <james.morse@....com>, "mchehab@...nel.org"
	<mchehab@...nel.org>, "rric@...nel.org" <rric@...nel.org>,
	"linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] edac: Use scnprintf() for safer buffer handling

Hi Haoran,

Thanks for the patch. 

> From: Wang Haoran <haoranwangsec@...il.com>
> Sent: Monday, July 14, 2025 10:02 PM
> To: Luck, Tony <tony.luck@...el.com>; bp@...en8.de
> Cc: james.morse@....com; mchehab@...nel.org; rric@...nel.org; linux-
> edac@...r.kernel.org; linux-kernel@...r.kernel.org; Wang Haoran
> <haoranwangsec@...il.com>
> Subject: [PATCH] edac: Use scnprintf() for safer buffer handling

Please specify the subject with the prefix 'EDAC/{skx_common,i10nm}', 
to match the previous commit style, as follows:

      EDAC/{skx_common,i10nm}: Use scnprintf() for safer buffer handling

> 
> snprintf() is fragile when its return value will be used to append additional
> data to a buffer. Use scnprintf() instead.
> 

This lengthy commit message can be split into two lines for easy parsing. 
Please do so.
[ The tool scripts/checkpatch.pl suggests a max of 75 characters per line.  ]

> Signed-off-by: Wang Haoran (Vul337) <haoranwangsec@...il.com>

I tested this patch on an Intel Granite Rapids server with error injections, 
and the i10nm_edac functioned well w/o any regression.

    Tested-by: Qiuxu Zhuo <qiuxu.zhuo@...el.com>

Please address Tony's comments about "Vul337" inside your SoB. 
Other than that:

    Reviewed-by: Qiuxu Zhuo <qiuxu.zhuo@...el.com>
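
Added example, not part of the original message or the patch: the quoted commit message's point about snprintf() return values when appending, shown in userspace C. scnprintf_demo() is a stand-in written here for the kernel's scnprintf(); the buffer size and sample string are constructed.

```c
#include <stdarg.h>
#include <stdio.h>

#define BUF_SIZE 16
/* Constructed sample text: 31 characters, longer than BUF_SIZE. */
static const char *sample = "socket:0 imc:1 channel:2 dimm:0";

struct append_state {
    size_t off;       /* offset the caller would append at next */
    size_t remaining; /* size - off, as passed to the next call */
};

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored, excluding the NUL (at most size - 1). */
static int scnprintf_demo(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0 || size == 0)
        return 0;
    return (size_t)n < size ? n : (int)(size - 1);
}

/* Format the sample once and report what an "append" caller would use next.
 * snprintf() returns the length the full output would have had, so its
 * offset can point past the buffer; no second write is performed here. */
static struct append_state state_after(int use_scnprintf)
{
    char buf[BUF_SIZE];
    struct append_state st;

    if (use_scnprintf)
        st.off = (size_t)scnprintf_demo(buf, sizeof(buf), "%s", sample);
    else
        st.off = (size_t)snprintf(buf, sizeof(buf), "%s", sample);
    st.remaining = sizeof(buf) - st.off; /* wraps when off > sizeof(buf) */
    return st;
}

int main(void)
{
    struct append_state a = state_after(0), b = state_after(1);

    printf("snprintf:  off=%zu remaining=%zu\n", a.off, a.remaining);
    printf("scnprintf: off=%zu remaining=%zu\n", b.off, b.remaining);
}
```

With snprintf() the next append would start at buf + 31 with a wrapped size; with the scnprintf() semantics the offset stays at 15 and one byte remains for the NUL.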
