| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 07 Oct 2022 15:35:29 +0200
From: Johannes Berg <johannes@...solutions.net>
To: ecree@...inx.com, netdev@...r.kernel.org, linux-net-drivers@....com
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
edumazet@...gle.com, habetsm.xilinx@...il.com,
marcelo.leitner@...il.com, Edward Cree <ecree.xilinx@...il.com>
Subject: Re: [RFC PATCH net-next 1/3] netlink: add support for formatted
extack messages
> +#define NL_SET_ERR_MSG_FMT(extack, fmt, args...) do { \
> + struct netlink_ext_ack *__extack = (extack); \
> + \
> + scnprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN, \
> + (fmt), ##args); \
Maybe that should print some kind of warning if the string was longer
than the buffer? OTOH, I guess the user would notice anyway, and until
you run the code nobody can possibly notice ... too bad then?
Maybe we could at least _statically_ make sure that the *format* string
(fmt) is shorter than say 60 chars or something to give some wiggle room
for the print expansion?
/* allow 20 chars for format expansion */
BUILD_BUG_ON(strlen(fmt) > NETLINK_MAX_FMTMSG_LEN - 20);
might even work? Just as a sanity check.
> + do_trace_netlink_extack(__extack->_msg_buf); \
> + \
> + if (__extack) \
> + __extack->_msg = __extack->_msg_buf; \
That "if (__extack)" check seems a bit strange, you've long crashed with
a NPD if it was really NULL?
johannes
Powered by blists - more mailing lists