lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 28 May 2020 07:14:06 -0400
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        Andrea Claudi <aclaudi@...hat.com>
Cc:     netdev@...r.kernel.org, dsahern@...il.com, asmadeus@...ewreck.org
Subject: Re: [iproute2 PATCH 0/2] Fix segfault in lib/bpf.c

On 2020-05-27 6:13 p.m., Stephen Hemminger wrote:
> On Tue, 26 May 2020 18:04:09 +0200
> Andrea Claudi <aclaudi@...hat.com> wrote:
> 
>> Jamal reported a segfault in bpf_make_custom_path() when custom pinning is
>> used. This is caused by commit c0325b06382cb ("bpf: replace snprintf with
>> asprintf when dealing with long buffers").
>>
>> As the only goal of that commit is to get rid of a truncation warning when
>> compiling lib/bpf.c, revert it and fix the warning checking for snprintf
>> return value
>>
>> Andrea Claudi (2):
>>    Revert "bpf: replace snprintf with asprintf when dealing with long
>>      buffers"
>>    bpf: Fixes a snprintf truncation warning
>>
>>   lib/bpf.c | 155 +++++++++++++++---------------------------------------
>>   1 file changed, 41 insertions(+), 114 deletions(-)
>>
> 
> ok merged
> 

FWIW, it may be useful to grep the tree and check for
s[n]printf() return code.
It seems like modern compilers are good enough at catching
overruns but maybe useful to enforce a coding style consistency
given that most people doit the LinuxWay (cutnpaste existing
code to fix a bug or add a feature).

cheers,
jamal

Powered by blists - more mailing lists