| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e5855cdd-7f78-4fd6-94c0-17813c781b4b@nvidia.com> Date: Tue, 14 Nov 2023 09:26:18 +0200 From: Gal Pressman <gal@...dia.com> To: Jakub Kicinski <kuba@...nel.org> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Vlad Buslov <vladbu@...dia.com> Subject: Re: [PATCH net] net: Fix undefined behavior in netdev name allocation On 14/11/2023 6:09, Jakub Kicinski wrote: > On Mon, 13 Nov 2023 10:35:44 +0200 Gal Pressman wrote: >> Cited commit removed the strscpy() call and kept the snprintf() only. >> >> When allocating a netdev, 'res' and 'name' pointers are equal, but >> according to POSIX, if copying takes place between objects that overlap >> as a result of a call to sprintf() or snprintf(), the results are >> undefined. >> >> Add back the strscpy() and use 'buf' as an intermediate buffer. > > It may be worth mentioning that it is fairly common to put the format > in dev->name before device is registered, IOW this condition takes > place a lot? I'll mention it. > IIUC once we cross into 3-digit IDs we may crash? Right, the bitmap and names get out of sync, it results in sysfs name collision call traces. > > With that and the right fixes tag: > > Reviewed-by: Jakub Kicinski <kuba@...nel.org> > > Thanks! Thanks Jakub!
Powered by blists - more mailing lists