lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 07 Oct 2022 15:35:29 +0200
From:   Johannes Berg <>
Cc:,,,,,, Edward Cree <>
Subject: Re: [RFC PATCH net-next 1/3] netlink: add support for formatted
 extack messages

> +#define NL_SET_ERR_MSG_FMT(extack, fmt, args...) do {		\
> +	struct netlink_ext_ack *__extack = (extack);		\
> +								\
> +	scnprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,	\
> +		  (fmt), ##args);				\

Maybe that should print some kind of warning if the string was longer
than the buffer? OTOH, I guess the user would notice anyway, and until
you run the code nobody can possibly notice ... too bad then?

Maybe we could at least _statically_ make sure that the *format* string
(fmt) is shorter than say 60 chars or something to give some wiggle room
for the print expansion?

	/* allow 20 chars for format expansion */

might even work? Just as a sanity check.

> +	do_trace_netlink_extack(__extack->_msg_buf);		\
> +								\
> +	if (__extack)						\
> +		__extack->_msg = __extack->_msg_buf;		\

That "if (__extack)" check seems a bit strange, you've long crashed with
a NPD if it was really NULL?


Powered by blists - more mailing lists