lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <cb12b2dd-5544-45f2-bea4-969c0134719d@suswa.mountain>
Date: Tue, 28 Nov 2023 09:06:06 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Rahul Rameshbabu <rrameshbabu@...dia.com>
Cc: Saeed Mahameed <saeedm@...dia.com>, Leon Romanovsky <leon@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Dragos Tatulea <dtatulea@...dia.com>, netdev@...r.kernel.org,
	linux-rdma@...r.kernel.org, kernel-janitors@...r.kernel.org,
	Simon Horman <horms@...nel.org>
Subject: Re: [PATCH net] net/mlx5e: Fix snprintf return check

On Mon, Nov 27, 2023 at 10:46:17AM -0800, Rahul Rameshbabu wrote:
> On Mon, 27 Nov, 2023 16:00:53 +0300 Dan Carpenter <dan.carpenter@...aro.org> wrote:
> > This code prints a string and then if there wasn't enough space for the
> > whole string, then it prints a slightly shorter string.  However, the
> > test for overflow should have been >= instead of == because snprintf()
> > returns the number of bytes which *would* have been printed if there
> > were enough space.
> >
> > Fixes: 41e63c2baa11 ("net/mlx5e: Check return value of snprintf writing to fw_version buffer")
> > Fixes: 1b2bd0c0264f ("net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors")
> > Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> > ---
> 
> I have already sent out patches targeting net for this on the mailing
> list. That said, thanks for the follow-up.

Ah.  Good.  I hadn't seen the earlier discussion about this.  When you
said "follow-up" I worried that I had reported this earlier and
forgotten about it.

regards,
dan carpenter


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ