lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1aafd0ec-5e01-9b01-61a5-48f3945c3969@gmail.com> Date: Fri, 7 Oct 2022 14:46:46 +0100 From: Edward Cree <ecree.xilinx@...il.com> To: Johannes Berg <johannes@...solutions.net>, ecree@...inx.com, netdev@...r.kernel.org, linux-net-drivers@....com Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com, habetsm.xilinx@...il.com, marcelo.leitner@...il.com Subject: Re: [RFC PATCH net-next 1/3] netlink: add support for formatted extack messages On 07/10/2022 14:35, Johannes Berg wrote: > >> +#define NL_SET_ERR_MSG_FMT(extack, fmt, args...) do { \ >> + struct netlink_ext_ack *__extack = (extack); \ >> + \ >> + scnprintf(__extack->_msg_buf, NETLINK_MAX_FMTMSG_LEN, \ >> + (fmt), ##args); \ > > Maybe that should print some kind of warning if the string was longer > than the buffer? OTOH, I guess the user would notice anyway, and until > you run the code nobody can possibly notice ... too bad then? > > Maybe we could at least _statically_ make sure that the *format* string > (fmt) is shorter than say 60 chars or something to give some wiggle room > for the print expansion? > > /* allow 20 chars for format expansion */ > BUILD_BUG_ON(strlen(fmt) > NETLINK_MAX_FMTMSG_LEN - 20); > > might even work? Just as a sanity check. Hmm, I don't think we want to prohibit the case of (say) a 78-char format string with one %d that's always small-valued in practice. In fact if you have lots of % in the format string the output could be significantly *shorter* than fmt. So while I do like the idea of a sanity check, I don't see how to do it without imposing unnecessary limitations. >> + do_trace_netlink_extack(__extack->_msg_buf); \ >> + \ >> + if (__extack) \ >> + __extack->_msg = __extack->_msg_buf; \ > > That "if (__extack)" check seems a bit strange, you've long crashed with > a NPD if it was really NULL? Good point, I blindly copied NL_SET_ERR_MSG without thinking. The check should enclose the whole body, will fix in v2. -ed
Powered by blists - more mailing lists