Message-ID: <489c52d1-cad2-473d-86ab-cdae51b043c7@intel.com>
Date: Thu, 17 Jul 2025 10:03:49 -0700
From: Jacob Keller <jacob.e.keller@...el.com>
To: Wang Haoran <haoranwangsec@...il.com>, Simon Horman <horms@...nel.org>
CC: <anthony.l.nguyen@...el.com>, <przemyslaw.kitszel@...el.com>,
	<andrew+netdev@...n.ch>, <davem@...emloft.net>, <edumazet@...gle.com>,
	<kuba@...nel.org>, <pabeni@...hat.com>, <netdev@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: We found a bug in i40e_debugfs.c for the latest linux



On 7/16/2025 5:52 AM, Wang Haoran wrote:
> Thanks for the clarification regarding i40e_dbg_command_buf.
> 
> Please let me know if you'd like me to submit a patch to
> remove this interface, or to replace snprintf() with scnprintf().
> 
> 
Since this is a debugfs interface, I think we're safe to drop the read
accesses entirely, without fear of backwards compatibility violations. I
think I can handle making a patch for that, but I'm happy to accept a
patch from you if you want.

It looks like there is some complication as the
i40e_dbg_netdev_ops_write() does appear to use this buffer for scratch
space. I think that would need cleanup to align with how the
i40e_dbg_command_write() function works with an allocated buffer rather
than using this static space in the driver.

Thanks,
Jake
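
The snprintf()/scnprintf() distinction raised in the quoted message, as an added user-space C example that is not part of the thread or the i40e driver: snprintf() returns the length the output would have had, while scnprintf() returns the length actually stored. `scnprintf_model`, the other helper names, the format string and the inputs are all constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model of the kernel's scnprintf(): returns the number of
 * characters actually stored in buf (excluding the NUL), never more
 * than size - 1, and 0 when size is 0. */
static int scnprintf_model(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0 || size == 0)
		return 0;
	return (size_t)n < size ? n : (int)(size - 1);
}

/* Length a read handler would go on to use if it trusted snprintf(). */
static int len_from_snprintf(size_t size, const char *name, const char *data)
{
	char buf[64];			/* constructed buffer size */

	if (size > sizeof(buf))
		size = sizeof(buf);
	return snprintf(buf, size, "%s: %s\n", name, data);
}

/* Same formatting, but the length is bounded by what was stored. */
static int len_from_scnprintf(size_t size, const char *name, const char *data)
{
	char buf[64];			/* constructed buffer size */

	if (size > sizeof(buf))
		size = sizeof(buf);
	return scnprintf_model(buf, size, "%s: %s\n", name, data);
}

int main(void)
{
	/* Constructed inputs: 4 + 2 + 40 + 1 = 47 characters of output. */
	const char *name = "eth0";
	const char *data = "0123456789012345678901234567890123456789";
	size_t size = 16;	/* destination smaller than the formatted text */

	printf("snprintf:  %d\n", len_from_snprintf(size, name, data));
	printf("scnprintf: %d\n", len_from_scnprintf(size, name, data));
	return 0;
}
```

A caller that passes the snprintf() result on as a byte count would reference 47 bytes of a 16-byte buffer; the scnprintf() result stays at 15.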


