lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <45c181f5a18f9159f9b0ef58d7f003b9ce583e9a.1641753491.git.leonro@nvidia.com>
Date:   Sun,  9 Jan 2022 20:41:38 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     netdev@...r.kernel.org
Cc:     Leon Romanovsky <leonro@...dia.com>,
        Stephen Hemminger <sthemmin@...rosoft.com>,
        Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2-next 1/2] rdma: Limit copy data by the destination size

From: Leon Romanovsky <leonro@...dia.com>

The strncat() function will copy upto n bytes supplied as third
argument. The n bytes shouldn't be no more than destination and
not the source.

This change fixes the following clang compilation warnings:

res-srq.c:75:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
                        strncat(qp_str, tmp, sizeof(tmp) - 1);
                                             ^~~~~~~~~~~~~~~
res-srq.c:99:23: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
        strncat(qp_str, tmp, sizeof(tmp) - 1);
                             ^~~~~~~~~~~~~~~
res-srq.c:142:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
                        strncat(qp_str, tmp, sizeof(tmp) - 1);
                                             ^~~~~~~~~~~~~~~

Fixes: 9b272e138d23 ("rdma: Add SRQ resource tracking information")
Reported-by: Stephen Hemminger <stephen@...workplumber.org>
Signed-off-by: Leon Romanovsky <leonro@...dia.com>
---
 rdma/res-srq.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/rdma/res-srq.c b/rdma/res-srq.c
index 5d8f3842..3038c352 100644
--- a/rdma/res-srq.c
+++ b/rdma/res-srq.c
@@ -70,9 +70,8 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line,
 					 *delimiter, tmp_min_range,
 					 tmp_max_range);
 
-			if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
-				return -EINVAL;
-			strncat(qp_str, tmp, sizeof(tmp) - 1);
+			strncat(qp_str, tmp,
+				MAX_QP_STR_LEN - strlen(qp_str) - 1);
 
 			memset(tmp, 0, strlen(tmp));
 			*delimiter = ",";
@@ -94,9 +93,7 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line,
 		snprintf(tmp, sizeof(tmp), "%s%d-%d", *delimiter,
 			 tmp_min_range, tmp_max_range);
 
-	if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
-		return -EINVAL;
-	strncat(qp_str, tmp, sizeof(tmp) - 1);
+	strncat(qp_str, tmp, MAX_QP_STR_LEN - strlen(qp_str) - 1);
 	*delimiter = ",";
 	return 0;
 }
@@ -137,9 +134,8 @@ static int get_srq_qps(struct rd *rd, struct nlattr *qp_table,  char *qp_str)
 					qp_line[RDMA_NLDEV_ATTR_RES_LQPN]))
 				continue;
 			snprintf(tmp, sizeof(tmp), "%s%d", delimiter, qpn);
-			if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN)
-				goto out;
-			strncat(qp_str, tmp, sizeof(tmp) - 1);
+			strncat(qp_str, tmp,
+				MAX_QP_STR_LEN - strlen(qp_str) - 1);
 			delimiter = ",";
 		} else if (qp_line[RDMA_NLDEV_ATTR_MIN_RANGE] &&
 			   qp_line[RDMA_NLDEV_ATTR_MAX_RANGE]) {
-- 
2.33.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ