Message-ID: <CACKFLinr9B6iPYhYbPi1uxGSgQ64YTg7zQZhGV6SdpzOkgMgug@mail.gmail.com>
Date: Tue, 13 Aug 2024 10:02:33 -0700
From: Michael Chan <michael.chan@...adcom.com>
To: Simon Horman <horms@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	Pavan Chebbi <pavan.chebbi@...adcom.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>, 
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 2/2] bnxt_en: avoid truncation of per rx run
 debugfs filename

On Tue, Aug 13, 2024 at 7:33 AM Simon Horman <horms@...nel.org> wrote:
>
> Although it seems unlikely in practice - there would need to be
> rx ring indexes greater than 10^10 - it is theoretically possible
> for the filename of per rx ring debugfs files to be truncated.
>
> This is because although a 16 byte buffer is provided, the length
> of the filename is restricted to 10 bytes. Remove this restriction
> and allow the entire buffer to be used.
>
> Also reduce the buffer to 12 bytes, which is sufficient.
>
> Given that the range of rx ring indexes is likely much smaller than the
> maximum range of a 32-bit signed integer, a smaller buffer could be
> used, with some further changes.  But this change seems simple, robust,
> and has minimal stack overhead.
>
> Flagged by gcc-14:
>
>   .../bnxt_debugfs.c: In function 'bnxt_debug_dev_init':
>   drivers/net/ethernet/broadcom/bnxt/bnxt_debugfs.c:69:30: warning: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size 10 [-Wformat-truncation=]
>      69 |         snprintf(qname, 10, "%d", ring_idx);
>         |                              ^~
>   In function 'debugfs_dim_ring_init',
>       inlined from 'bnxt_debug_dev_init' at .../bnxt_debugfs.c:87:4:
>   .../bnxt_debugfs.c:69:29: note: directive argument in the range [-2147483643, 2147483646]
>      69 |         snprintf(qname, 10, "%d", ring_idx);
>         |                             ^~~~
>   .../bnxt_debugfs.c:69:9: note: 'snprintf' output between 2 and 12 bytes into a destination of size 10
>      69 |         snprintf(qname, 10, "%d", ring_idx);
>         |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Compile tested only
>
> Signed-off-by: Simon Horman <horms@...nel.org>

Thanks.
Reviewed-by: Michael Chan <michael.chan@...adcom.com>
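
Added example, not part of the patch or the bnxt_en driver: a user-space C program that reproduces the size arithmetic behind the gcc-14 warning quoted above, comparing the old 10-byte limit with the new 12-byte buffer. The helper names and sample indexes are constructed for illustration, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed to hold "%d" of idx, including the terminating NUL. */
static int ring_name_need(int idx)
{
    return snprintf(NULL, 0, "%d", idx) + 1;
}

/*
 * Format idx into qname, letting snprintf() write at most `limit` bytes.
 * snprintf() returns the length the full output would have had, so a
 * return value >= limit means the name was cut short.
 * Returns 1 on truncation (or error), 0 if the whole name fits.
 */
static int ring_name_fmt(char *qname, size_t limit, int idx)
{
    int ret = snprintf(qname, limit, "%d", idx);

    return ret < 0 || (size_t)ret >= limit;
}

int main(void)
{
    /* Constructed sample indexes, not values taken from the driver. */
    const int samples[] = { 0, 999999999, 1000000000, INT_MAX, INT_MIN };
    char old_name[16];  /* old code: 16-byte buffer, limit passed as 10 */
    char new_name[12];  /* patched code: 12-byte buffer, full size used */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int old_trunc = ring_name_fmt(old_name, 10, samples[i]);
        int new_trunc = ring_name_fmt(new_name, sizeof(new_name), samples[i]);

        printf("idx=%d need=%d old=\"%s\"%s new=\"%s\"%s\n",
               samples[i], ring_name_need(samples[i]),
               old_name, old_trunc ? " (truncated)" : "",
               new_name, new_trunc ? " (truncated)" : "");
    }
    return 0;
}
```

The largest requirement is INT_MIN: 11 characters plus the NUL, which is the 12 bytes in gcc's "between 2 and 12 bytes" note.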
