lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 7 Oct 2022 14:46:46 +0100
From:   Edward Cree <>
To:     Johannes Berg <>,,,
Subject: Re: [RFC PATCH net-next 1/3] netlink: add support for formatted
 extack messages

On 07/10/2022 14:35, Johannes Berg wrote:
>> +#define NL_SET_ERR_MSG_FMT(extack, fmt, args...) do {		\
>> +	struct netlink_ext_ack *__extack = (extack);		\
>> +								\
>> +	scnprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN,	\
>> +		  (fmt), ##args);				\
> Maybe that should print some kind of warning if the string was longer
> than the buffer? OTOH, I guess the user would notice anyway, and until
> you run the code nobody can possibly notice ... too bad then?
> Maybe we could at least _statically_ make sure that the *format* string
> (fmt) is shorter than say 60 chars or something to give some wiggle room
> for the print expansion?
> 	/* allow 20 chars for format expansion */
> 	BUILD_BUG_ON(strlen(fmt) > NETLINK_MAX_FMTMSG_LEN - 20);
> might even work? Just as a sanity check.

Hmm, I don't think we want to prohibit the case of (say) a 78-char format
 string with one %d that's always small-valued in practice.
In fact if you have lots of % in the format string the output could be
 significantly *shorter* than fmt.
So while I do like the idea of a sanity check, I don't see how to do it
 without imposing unnecessary limitations.

>> +	do_trace_netlink_extack(__extack->_msg_buf);		\
>> +								\
>> +	if (__extack)						\
>> +		__extack->_msg = __extack->_msg_buf;		\
> That "if (__extack)" check seems a bit strange, you've long crashed with
> a NPD if it was really NULL?

Good point, I blindly copied NL_SET_ERR_MSG without thinking.
The check should enclose the whole body, will fix in v2.


Powered by blists - more mailing lists