lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2542244617e984f3cbb3f64b3383065cf55bbe59.camel@ibm.com>
Date: Fri, 19 Sep 2025 18:38:54 +0000
From: Viacheslav Dubeyko <Slava.Dubeyko@....com>
To: "idryomov@...il.com" <idryomov@...il.com>,
        "liujing@...s.chinamobile.com"
	<liujing@...s.chinamobile.com>
CC: Xiubo Li <xiubli@...hat.com>,
        "ceph-devel@...r.kernel.org"
	<ceph-devel@...r.kernel.org>,
        "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: Re:  [PATCH] ceph: Fix the wrong format specifier

On Fri, 2025-09-19 at 11:27 +0800, liujing wrote:
> in the ceph_common.c file, to strictly comply with the requirements
> of the %x format specifier and avoid type mismatch and overflow
> issues, d should be defined as an unsigned int type.
> 
> Signed-off-by: liujing <liujing@...s.chinamobile.com>
> ---
>  net/ceph/ceph_common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
> index 4c6441536d55..d3c19a63cadd 100644
> --- a/net/ceph/ceph_common.c
> +++ b/net/ceph/ceph_common.c
> @@ -195,7 +195,7 @@ int ceph_parse_fsid(const char *str, struct ceph_fsid *fsid)
>  	int i = 0;
>  	char tmp[3];
>  	int err = -EINVAL;
> -	int d;
> +	unsigned int d;
>  
>  	dout("%s '%s'\n", __func__, str);
>  	tmp[2] = 0;

The main action happens here [1]:

tmp[0] = str[0];
tmp[1] = str[1];
if (sscanf(tmp, "%x", &d) < 1)
	break;
fsid->fsid[i] = d & 0xff;

So, tmp is two symbols array with terminating '\0' symbol.
Finally, we make conversion of two digits (or two bytes) string
into the number. The maximum possible number could be 0xFFFF (65535).
Frankly speaking, I don't see how we can have the overflow issue here.
Could you please explain more clearly your point?

Thanks,
Slava.

[1] 
https://elixir.bootlin.com/linux/v6.17-rc6/source/net/ceph/ceph_common.c#L211

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ