Date: Sun, 9 Jan 2022 20:41:38 +0200
From: Leon Romanovsky <leon@...nel.org>
To: netdev@...r.kernel.org
Cc: Leon Romanovsky <leonro@...dia.com>, Stephen Hemminger <sthemmin@...rosoft.com>, Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2-next 1/2] rdma: Limit copy data by the destination size

From: Leon Romanovsky <leonro@...dia.com>

The strncat() function will copy up to n bytes supplied as third argument. The n bytes should be no more than destination and not the source.

This change fixes the following clang compilation warnings:

res-srq.c:75:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
        strncat(qp_str, tmp, sizeof(tmp) - 1);
                             ^~~~~~~~~~~~~~~
res-srq.c:99:23: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
        strncat(qp_str, tmp, sizeof(tmp) - 1);
                             ^~~~~~~~~~~~~~~
res-srq.c:142:25: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
        strncat(qp_str, tmp, sizeof(tmp) - 1);
                             ^~~~~~~~~~~~~~~

Fixes: 9b272e138d23 ("rdma: Add SRQ resource tracking information")
Reported-by: Stephen Hemminger <stephen@...workplumber.org>
Signed-off-by: Leon Romanovsky <leonro@...dia.com>
--- rdma/res-srq.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/rdma/res-srq.c b/rdma/res-srq.c index 5d8f3842..3038c352 100644 --- a/rdma/res-srq.c +++ b/rdma/res-srq.c @@ -70,9 +70,8 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line, *delimiter, tmp_min_range, tmp_max_range); - if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN) - return -EINVAL; - strncat(qp_str, tmp, sizeof(tmp) - 1); + strncat(qp_str, tmp, + MAX_QP_STR_LEN - strlen(qp_str) - 1); memset(tmp, 0, strlen(tmp)); *delimiter = ","; 
@@ -94,9 +93,7 @@ static int filter_srq_range_qps(struct rd *rd, struct nlattr **qp_line, snprintf(tmp, sizeof(tmp), "%s%d-%d", *delimiter, tmp_min_range, tmp_max_range); - if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN) - return -EINVAL; - strncat(qp_str, tmp, sizeof(tmp) - 1); + strncat(qp_str, tmp, MAX_QP_STR_LEN - strlen(qp_str) - 1); *delimiter = ","; return 0; } @@ -137,9 +134,8 @@ static int get_srq_qps(struct rd *rd, struct nlattr *qp_table, char *qp_str) qp_line[RDMA_NLDEV_ATTR_RES_LQPN])) continue; snprintf(tmp, sizeof(tmp), "%s%d", delimiter, qpn); - if (strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN) - goto out; - strncat(qp_str, tmp, sizeof(tmp) - 1); + strncat(qp_str, tmp, + MAX_QP_STR_LEN - strlen(qp_str) - 1); delimiter = ","; } else if (qp_line[RDMA_NLDEV_ATTR_MIN_RANGE] && qp_line[RDMA_NLDEV_ATTR_MAX_RANGE]) { -- 2.33.1
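Review bot: In the first hunk of filter_srq_range_qps() (@@ -70,9 +70,8 @@), removing the "strlen(qp_str) + strlen(tmp) >= MAX_QP_STR_LEN" test together with "return -EINVAL" turns an overlong QP list from a reported error into silent truncation. strncat() stops wherever the remaining space runs out, so qp_str can end in the middle of a number or range and show a QPN that was never in the table. The new size argument is the right bound on its own; consider keeping the length check in front of it so the caller still sees the failure, or say in the commit message that truncated output is intended.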
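Review bot: In the second hunk of filter_srq_range_qps() (@@ -94,9 +93,7 @@), the function now falls through to "return 0" even when the range did not fit, so the caller cannot tell a complete string from a clipped one; returning -EINVAL when strlen(qp_str) + strlen(tmp) reaches MAX_QP_STR_LEN, as before, would preserve that signal. As a style point, the strncat() call is kept on one line here while the identical call is wrapped over two lines in the other two hunks; pick one layout for all three.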
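Review bot: In the get_srq_qps() hunk (@@ -137,9 +134,8 @@), the bound "MAX_QP_STR_LEN - strlen(qp_str) - 1" is only valid if the caller's buffer really is MAX_QP_STR_LEN bytes, and qp_str arrives as a bare "char *" with no size. The subtraction is also done in size_t, so it wraps to a very large count if strlen(qp_str) ever reaches MAX_QP_STR_LEN. A comment stating the buffer-size contract, or passing the size explicitly, would make the bound checkable. With "goto out" gone, the loop also keeps formatting entries after the buffer is full; if that was the only jump to the label, the label is now unused and should be dropped.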