lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAL4kbROGfCnLhYLCptND6Ni2PGJfgZzM+2kjtBhVcvy3jLHtfQ@mail.gmail.com>
Date: Fri, 3 Oct 2025 12:13:55 +0530
From: Kriish Sharma <kriish.sharma2006@...il.com>
To: Krzysztof Hałasa <khalasa@...p.pl>
Cc: khc@...waw.pl, andrew+netdev@...n.ch, davem@...emloft.net, 
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net/wan/hdlc_ppp: fix potential null pointer in
 ppp_cp_event logging

Hi,

Thanks for the clarification.
I can update proto_name() to return "LCP" by default instead of NULL,
which should silence the compiler without changing behavior.
I can send another patch for this if you'd like.

Best regards,
Kriish

On Fri, Oct 3, 2025 at 12:04 PM Krzysztof Hałasa <khalasa@...p.pl> wrote:
>
> Hi Kriish,
>
> Kriish Sharma <kriish.sharma2006@...il.com> writes:
>
> > Fixes warnings observed during compilation with -Wformat-overflow:
> >
> > drivers/net/wan/hdlc_ppp.c: In function ‘ppp_cp_event’:
> > drivers/net/wan/hdlc_ppp.c:353:17: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
> >   353 |                 netdev_info(dev, "%s down\n", proto_name(pid));
> >       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/net/wan/hdlc_ppp.c:342:17: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
> >   342 |                 netdev_info(dev, "%s up\n", proto_name(pid));
> >       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> It appears proto_name(pid) never returns NULL there. Despite actually
> saying "return NULL", that's right :-)
>
> Perhaps you should change it to return "LCP" by default instead, and
> not only on PID_LCP? It should silence the compiler.
>
> This ppp_cp_event() is called in a few places:
> - ppp_cp_parse_cr()
> - ppp_rx()
> - ppp_timer() (with a known protocol, though)
> - and others, with PID_LCP.
>
> Now, before printing proto_name(pid), ppp_cp_event() does
> proto = get_proto(pid), and dereferences it :-)
>
> The pid seems to always come from ppp_rx(). Fortunately it's checked
> at start, and it case of an unknown proto it goes straight to rx_error.
> --
> Krzysztof "Chris" Hałasa
>
> Sieć Badawcza Łukasiewicz
> Przemysłowy Instytut Automatyki i Pomiarów PIAP
> Al. Jerozolimskie 202, 02-486 Warszawa

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ