| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 9 Jan 2022 20:41:38 +0200
From: Leon Romanovsky <leon@...nel.org>
To: netdev@...r.kernel.org
Cc: Leon Romanovsky <leonro@...dia.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2-next 1/2] rdma: Limit copy data by the destination size
From: Leon Romanovsky <leonro@...dia.com>
The strncat() function will copy upto n bytes supplied as third
argument. The n bytes shouldn't be no more than destination and
not the source.
This change fixes the following clang compilation warnings:
res-srq.c:75:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
strncat(qp_str, tmp, sizeof(tmp) - 1);
^~~~~~~~~~~~~~~
res-srq.c:99:23: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
strncat(qp_str, tmp, sizeof(tmp) - 1);
^~~~~~~~~~~~~~~
res-srq.c:142:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
strncat(qp_str, tmp, sizeof(tmp) - 1);
^~~~~~~~~~~~~~~
Fixes: 9b272e138d23 ("rdma: Add SRQ resource tracking information")
Reported-by: Stephen Hemminger <stephen@...workplumber.org>
Signed-off-by: Leon Romanovsky <leonro@...dia.com>
---
rdma/res-srq.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/rdma/res-srq.c b/rdma/res-srq.c
index 5d8f3842..3038c352 100644
--- a/rdma/res-srq.c
+++ b/rdma/res-srq.c
@@ -70,9 +70,8 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line,
*delimiter, tmp_min_range,
tmp_max_range);
- if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
- return -EINVAL;
- strncat(qp_str, tmp, sizeof(tmp) - 1);
+ strncat(qp_str, tmp,
+ MAX_QP_STR_LEN - strlen(qp_str) - 1);
memset(tmp, 0, strlen(tmp));
*delimiter = ",";
@@ -94,9 +93,7 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line,
snprintf(tmp, sizeof(tmp), "%s%d-%d", *delimiter,
tmp_min_range, tmp_max_range);
- if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
- return -EINVAL;
- strncat(qp_str, tmp, sizeof(tmp) - 1);
+ strncat(qp_str, tmp, MAX_QP_STR_LEN - strlen(qp_str) - 1);
*delimiter = ",";
return 0;
}
@@ -137,9 +134,8 @@ static int get_srq_qps(struct rd *rd, struct nlattr *qp_table, char *qp_str)
qp_line[RDMA_NLDEV_ATTR_RES_LQPN]))
continue;
snprintf(tmp, sizeof(tmp), "%s%d", delimiter, qpn);
- if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
- goto out;
- strncat(qp_str, tmp, sizeof(tmp) - 1);
+ strncat(qp_str, tmp,
+ MAX_QP_STR_LEN - strlen(qp_str) - 1);
delimiter = ",";
} else if (qp_line[RDMA_NLDEV_ATTR_MIN_RANGE] &&
qp_line[RDMA_NLDEV_ATTR_MAX_RANGE]) {
--
2.33.1
Powered by blists - more mailing lists