lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 25 Oct 2023 16:59:10 -0700
From: Justin Stitt <justinstitt@...gle.com>
To: Joe Perches <joe@...ches.com>
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shay Agroskin <shayagr@...zon.com>, 
	Arthur Kiyanovski <akiyano@...zon.com>, David Arinzon <darinzon@...zon.com>, Noam Dagan <ndagan@...zon.com>, 
	Saeed Bishara <saeedb@...zon.com>, Rasesh Mody <rmody@...vell.com>, 
	Sudarsana Kalluru <skalluru@...vell.com>, GR-Linux-NIC-Dev@...vell.com, 
	Dimitris Michailidis <dmichail@...gible.com>, Yisen Zhuang <yisen.zhuang@...wei.com>, 
	Salil Mehta <salil.mehta@...wei.com>, Jesse Brandeburg <jesse.brandeburg@...el.com>, 
	Tony Nguyen <anthony.l.nguyen@...el.com>, Louis Peens <louis.peens@...igine.com>, 
	Shannon Nelson <shannon.nelson@....com>, Brett Creeley <brett.creeley@....com>, drivers@...sando.io, 
	"K. Y. Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei Liu <wei.liu@...nel.org>, 
	Dexuan Cui <decui@...rosoft.com>, Ronak Doshi <doshir@...are.com>, 
	VMware PV-Drivers Reviewers <pv-drivers@...are.com>, Andy Whitcroft <apw@...onical.com>, 
	Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, 
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org, 
	Nick Desaulniers <ndesaulniers@...gle.com>, Nathan Chancellor <nathan@...nel.org>, 
	Kees Cook <keescook@...omium.org>, intel-wired-lan@...ts.osuosl.org, 
	oss-drivers@...igine.com, linux-hyperv@...r.kernel.org
Subject: Re: [PATCH 2/3] treewide: Convert some ethtool_sprintf() to ethtool_puts()

On Wed, Oct 25, 2023 at 4:51 PM Joe Perches <joe@...ches.com> wrote:
>
> On Wed, 2023-10-25 at 23:40 +0000, Justin Stitt wrote:
> > This patch converts some basic cases of ethtool_sprintf() to
> > ethtool_puts().
> >
> > The conversions are used in cases where ethtool_sprintf() was being used
> > with just two arguments:
> > >       ethtool_sprintf(&data, buffer[i].name);
>
> OK.
>
> > or when it's used with format string: "%s"
> > >       ethtool_sprintf(&data, "%s", buffer[i].name);
> > > which both now become:
> > >       ethtool_puts(&data, buffer[i].name);
>
> Why do you want this conversion?
> Is it not possible for .name to contain a formatting field?

The case of using just two arguments to a ethtool_sprintf
call may cause -Wformat-security warnings. If it did indeed
have format specifiers then we would have more format
specifiers than arguments. Not ideal.

The second case of having a standalone "%s" isn't
necessarily bad or wrong. I used this exact approach to
replace some strncpy() usage in net drivers [1].

I'm working off guidance from Andrew Lunn [2] and Kees
who said it may be a good idea to tidy this up with a puts().

All in all, this patch doesn't do much but fix some warnings
and provide a more obvious interface. The number of
actual replacements are relatively low (around 20ish) so
I was hoping to sneak them in via this series.

>

[1]: https://lore.kernel.org/all/?q=dfb%3Aethtool_sprintf+AND+f%3Ajustinstitt
[2]: https://lore.kernel.org/all/a958d35e-98b6-4a95-b505-776482d1150c@lunn.ch/

Thanks
Justin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ