| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1de98d9d-7a7c-4e84-85b8-f28055210ee2@suse.de> Date: Sun, 11 Feb 2024 21:10:00 +0300 From: Denis Kirjanov <dkirjanov@...e.de> To: Stephen Hemminger <stephen@...workplumber.org> Cc: Denis Kirjanov <kirjanov@...il.com>, netdev@...r.kernel.org Subject: Re: [PATCH v2 iproute2] ifstat: convert sprintf to snprintf On 2/11/24 20:18, Stephen Hemminger wrote: > On Sun, 11 Feb 2024 11:39:13 +0300 > Denis Kirjanov <dkirjanov@...e.de> wrote: > >> On 2/10/24 23:33, Stephen Hemminger wrote: >>> On Fri, 2 Feb 2024 04:35:27 -0500 >>> Denis Kirjanov <kirjanov@...il.com> wrote: >>> >>>> Use snprintf to print only valid data >>>> >>>> v2: adjust formatting >>>> >>>> Signed-off-by: Denis Kirjanov <dkirjanov@...e.de> >>>> --- >>> >>> Tried this but compile failed >>> >>> ifstat.c:896:2: warning: 'snprintf' size argument is too large; destination buffer has size 107, but size argument is 108 [-Wfortify-source] >>> snprintf(sun.sun_path + 1, sizeof(sun.sun_path), "ifstat%d", getuid()); >> >> Right, this is addressed in the patch with scnprintf >> > > But I see no need to convert to scnprintf(). Scnprintf is about the return value > and almost nowhere in iproute2 uses the return value and those that to look at the > return value are checking for beyond buffer. Plus if you convert to scnprintf you > lose lots of the fortify and other analyzer checking. the last line makes sense. > > Bottom line scnprintf() makes sense in kernel but not iproute2. I'll push the next version of a patch with snprintf then. Thanks!
Powered by blists - more mailing lists