Message-ID: <CAFhGd8r5YFJrpy7xvhi2LZUrsPNTTpWKy2PYgDOjnrnTNBN3Bg@mail.gmail.com>
Date: Wed, 25 Oct 2023 16:59:10 -0700
From: Justin Stitt <justinstitt@...gle.com>
To: Joe Perches <joe@...ches.com>
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shay Agroskin <shayagr@...zon.com>, 
	Arthur Kiyanovski <akiyano@...zon.com>, David Arinzon <darinzon@...zon.com>, Noam Dagan <ndagan@...zon.com>, 
	Saeed Bishara <saeedb@...zon.com>, Rasesh Mody <rmody@...vell.com>, 
	Sudarsana Kalluru <skalluru@...vell.com>, GR-Linux-NIC-Dev@...vell.com, 
	Dimitris Michailidis <dmichail@...gible.com>, Yisen Zhuang <yisen.zhuang@...wei.com>, 
	Salil Mehta <salil.mehta@...wei.com>, Jesse Brandeburg <jesse.brandeburg@...el.com>, 
	Tony Nguyen <anthony.l.nguyen@...el.com>, Louis Peens <louis.peens@...igine.com>, 
	Shannon Nelson <shannon.nelson@....com>, Brett Creeley <brett.creeley@....com>, drivers@...sando.io, 
	"K. Y. Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei Liu <wei.liu@...nel.org>, 
	Dexuan Cui <decui@...rosoft.com>, Ronak Doshi <doshir@...are.com>, 
	VMware PV-Drivers Reviewers <pv-drivers@...are.com>, Andy Whitcroft <apw@...onical.com>, 
	Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, 
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org, 
	Nick Desaulniers <ndesaulniers@...gle.com>, Nathan Chancellor <nathan@...nel.org>, 
	Kees Cook <keescook@...omium.org>, intel-wired-lan@...ts.osuosl.org, 
	oss-drivers@...igine.com, linux-hyperv@...r.kernel.org
Subject: Re: [PATCH 2/3] treewide: Convert some ethtool_sprintf() to ethtool_puts()

On Wed, Oct 25, 2023 at 4:51 PM Joe Perches <joe@...ches.com> wrote:
>
> On Wed, 2023-10-25 at 23:40 +0000, Justin Stitt wrote:
> > This patch converts some basic cases of ethtool_sprintf() to
> > ethtool_puts().
> >
> > The conversions are used in cases where ethtool_sprintf() was being used
> > with just two arguments:
> > >       ethtool_sprintf(&data, buffer[i].name);
>
> OK.
>
> > or when it's used with format string: "%s"
> > >       ethtool_sprintf(&data, "%s", buffer[i].name);
> > > which both now become:
> > >       ethtool_puts(&data, buffer[i].name);
>
> Why do you want this conversion?
> Is it not possible for .name to contain a formatting field?

The case of using just two arguments to an ethtool_sprintf
call may cause -Wformat-security warnings. If it did indeed
have format specifiers then we would have more format
specifiers than arguments. Not ideal.

The second case of having a standalone "%s" isn't
necessarily bad or wrong. I used this exact approach to
replace some strncpy() usage in net drivers [1].

I'm working off guidance from Andrew Lunn [2] and Kees
who said it may be a good idea to tidy this up with a puts().

All in all, this patch doesn't do much but fix some warnings
and provide a more obvious interface. The number of
actual replacements is relatively low (around 20ish) so
I was hoping to sneak them in via this series.

>

[1]: https://lore.kernel.org/all/?q=dfb%3Aethtool_sprintf+AND+f%3Ajustinstitt
[2]: https://lore.kernel.org/all/a958d35e-98b6-4a95-b505-776482d1150c@lunn.ch/

Thanks
Justin
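
The difference between the two call forms discussed in this message, as an added example that is not part of the original email or of the kernel source: a userspace model in which a name containing a format field is stored through a printf-style helper and through a puts-style helper. `model_sprintf`, `model_puts`, `GSTRING_LEN` and the sample name are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define GSTRING_LEN 32 /* assumption: fixed slot size, like ETH_GSTRING_LEN */

/* Hypothetical model of a printf-style helper: the string is a format. */
static void model_sprintf(char **data, const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(*data, GSTRING_LEN, fmt, ap);
    va_end(ap);
    *data += GSTRING_LEN; /* advance to the next slot */
}

/* Hypothetical model of a puts-style helper: the string is only data. */
static void model_puts(char **data, const char *str)
{
    snprintf(*data, GSTRING_LEN, "%s", str); /* bounded, NUL-terminated */
    *data += GSTRING_LEN;
}

/* Return 1 if the two-argument sprintf form stores 'name' unchanged. */
int sprintf_preserves(const char *name)
{
    char slot[GSTRING_LEN] = {0}, *p = slot;
    model_sprintf(&p, name); /* the pattern the patch removes */
    return strcmp(slot, name) == 0;
}

/* Return 1 if the puts form stores 'name' unchanged. */
int puts_preserves(const char *name)
{
    char slot[GSTRING_LEN] = {0}, *p = slot;
    model_puts(&p, name);
    return strcmp(slot, name) == 0;
}

int main(void)
{
    /* Constructed name; "%%" is used because it consumes no argument. */
    const char *name = "rx_util_%%";

    printf("sprintf keeps name: %d\n", sprintf_preserves(name));
    printf("puts keeps name:    %d\n", puts_preserves(name));
    return 0;
}
```

A specifier that consumes an argument would make the two-argument call read arguments that were never passed, which is undefined behaviour; the puts-style form has no such dependency on the string's contents.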
