lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130123174150.GA26336@gmail.com>
Date:	Wed, 23 Jan 2013 12:41:50 -0500
From:	Cong Ding <dinggnu@...il.com>
To:	Alex Elder <elder@...tank.com>
Cc:	Sage Weil <sage@...tank.com>,
	"David S. Miller" <davem@...emloft.net>,
	ceph-devel@...r.kernel.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ceph/osdmap.c: fix undefined behavior when using
 snprintf()

On Wed, Jan 23, 2013 at 10:48:07AM -0600, Alex Elder wrote:
> On 01/22/2013 01:20 PM, Cong Ding wrote:
> > The variable "str" is used as both the source and destination in function
> > snprintf(), which is undefined behavior based on C11. The original description
> > in C11 is:
> > 	"If copying takes place between objects that
> > 	overlap, the behavior is undefined."
> 
> Yes, this was an ill-advised thing to do in this function.
> 
> In fact, the only place this function is used (in osdmap_show()),
> the non-static buffer was not initialized before the call.  (It
> might happen to work because the same stack space was getting
> reused each time through the loop.  Eeeeew!)
> 
> This is just an awful couple of functions.
> 
> > And, the function of ceph_osdmap_state_str() is to return the osdmap state, so
> > it should return "doesn't exist" when all the conditions are not satisfied. I
> > fix it in this patch.
> > 
> > Based on C11, snprintf() does nothing if n==0:
> > 	"If n is zero, nothing is written, and s may be a
> > 	null pointer. Otherwise, output characters beyond
> > 	the n-1st are discarded rather than being written to
> > 	the array, and a null character is written at the
> > 	end of the characters actually written into the
> > 	array."
> > so I remove the unnecessary check of len (because it is not a busy path and
> > saves a few lines of code).
> 
> True.  But since you know it's not going to do anything why
> not only make the call if len is non-zero?  I.e.:
> 
> 	else if (len)
> 		snprintf(str, len, "doesn't exist");
> 
> With your permission I'll make this change and will commit
> this for you.  OK?
It's fine, thanks. But I think it's better to check len in the beginning
because other conditions also call snprintf with parameter len. Like this:

	if (!len)
		return str;

	if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
		snprintf(str, len, "exists, up");
	else if (state & CEPH_OSD_EXISTS)
		snprintf(str, len, "exists");
	else if (state & CEPH_OSD_UP)
		snprintf(str, len, "up");
	else
		snprintf(str, len, "doesn't exist");

	return str;

or like this:

	if (len) {
		if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP))
			snprintf(str, len, "exists, up");
		else if (state & CEPH_OSD_EXISTS)
			snprintf(str, len, "exists");
		else if (state & CEPH_OSD_UP)
			snprintf(str, len, "up");
		else
			snprintf(str, len, "doesn't exist");
	}
	return str;

Thanks,
- cong

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ