lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <172363131189.6062.4199842989565550209@noble.neil.brown.name>
Date: Wed, 14 Aug 2024 20:28:31 +1000
From: "NeilBrown" <neilb@...e.de>
To: kunwu.chan@...ux.dev
Cc: trondmy@...nel.org, anna@...nel.org, chuck.lever@...cle.com,
 jlayton@...nel.org, kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
 linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, "Kunwu Chan" <chentao@...inos.cn>
Subject: Re: [PATCH] SUNRPC: Fix -Wformat-truncation warning

On Wed, 14 Aug 2024, kunwu.chan@...ux.dev wrote:
> From: Kunwu Chan <chentao@...inos.cn>
> 
> Increase size of the servername array to avoid truncated output warning.
> 
> net/sunrpc/clnt.c:582:75: error:‘%s’ directive output may be truncated
> writing up to 107 bytes into a region of size 48
> [-Werror=format-truncation=]
>   582 |                   snprintf(servername, sizeof(servername), "%s",
>       |                                                             ^~
> 
> net/sunrpc/clnt.c:582:33: note:‘snprintf’ output
> between 1 and 108 bytes into a destination of size 48
>   582 |                     snprintf(servername, sizeof(servername), "%s",
>       |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   583 |                                          sun->sun_path);
> 
> Signed-off-by: Kunwu Chan <chentao@...inos.cn>
> ---
>  net/sunrpc/clnt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> index 09f29a95f2bc..874085f3ed50 100644
> --- a/net/sunrpc/clnt.c
> +++ b/net/sunrpc/clnt.c
> @@ -546,7 +546,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
>  		.connect_timeout = args->connect_timeout,
>  		.reconnect_timeout = args->reconnect_timeout,
>  	};
> -	char servername[48];
> +	char servername[108];

If we choose this approach to removing the warning, then we should use
UNIX_PATH_MAX rather than 108.

However the longest server name copied in here will in practice be
   /var/run/rpcbind.sock

so the extra 60 bytes on the stack is wasted ...  maybe that doesn't
matter.

The string is only used by xprt_create_transport() which requires it to
be less than RPC_MAXNETNAMELEN - which is 256.
So maybe that would be a better value to use for the array size ....  if
we assume that stack space isn't a problem.

What ever number we use, I'd rather it was a defined constant, and not
an apparently arbitrary number.

Thanks,
NeilBrown


>  	struct rpc_clnt *clnt;
>  	int i;
>  
> -- 
> 2.40.1
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ