| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <22361732-351e-4768-0974-bd4050eb9f2e@gmail.com>
Date: Mon, 18 Nov 2019 19:48:32 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Hangbin Liu <liuhangbin@...il.com>,
Eric Dumazet <eric.dumazet@...il.com>
Cc: Jiri Benc <jbenc@...hat.com>, netdev@...r.kernel.org,
Eric Dumazet <edumazet@...gle.com>,
"David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH net] tcp: switch snprintf to scnprintf
On 11/18/19 5:53 PM, Hangbin Liu wrote:
> On Fri, Nov 15, 2019 at 10:54:55AM +0100, Jiri Benc wrote:
>> On Fri, 15 Nov 2019 10:41:06 +0800, Hangbin Liu wrote:
>>>> We need to properly size the output buffers before using them,
>>>> we can not afford truncating silently the output.
>>>
>>> Yes, I agree. Just as I said, the buffer is still enough, while scnprintf
>>> is just a safer usage compired with snprintf.
>>
>> So maybe keep snprintf but add WARN_ON and bail out of the loop if the
>> buffer size was reached?
>>
>> if (WARN_ON(offs >= maxlen))
>> break;
>>
>
> Hi Eric,
>
> What do you think?
>
WARN_ON_ONCE() please...
Powered by blists - more mailing lists