| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0282be6f-e8ac-4428-a2ac-1ea6b7c25f4a@linux.dev> Date: Thu, 15 Aug 2024 16:30:20 +0800 From: Kunwu Chan <kunwu.chan@...ux.dev> To: NeilBrown <neilb@...e.de> Cc: trondmy@...nel.org, anna@...nel.org, chuck.lever@...cle.com, jlayton@...nel.org, kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, linux-nfs@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Kunwu Chan <chentao@...inos.cn> Subject: Re: [PATCH] SUNRPC: Fix -Wformat-truncation warning Thanks for your reply. On 2024/8/14 18:28, NeilBrown wrote: > On Wed, 14 Aug 2024, kunwu.chan@...ux.dev wrote: >> From: Kunwu Chan <chentao@...inos.cn> >> >> Increase size of the servername array to avoid truncated output warning. >> >> net/sunrpc/clnt.c:582:75: error:‘%s’ directive output may be truncated >> writing up to 107 bytes into a region of size 48 >> [-Werror=format-truncation=] >> 582 | snprintf(servername, sizeof(servername), "%s", >> | ^~ >> >> net/sunrpc/clnt.c:582:33: note:‘snprintf’ output >> between 1 and 108 bytes into a destination of size 48 >> 582 | snprintf(servername, sizeof(servername), "%s", >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> 583 | sun->sun_path); >> >> Signed-off-by: Kunwu Chan <chentao@...inos.cn> >> --- >> net/sunrpc/clnt.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c >> index 09f29a95f2bc..874085f3ed50 100644 >> --- a/net/sunrpc/clnt.c >> +++ b/net/sunrpc/clnt.c >> @@ -546,7 +546,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args) >> .connect_timeout = args->connect_timeout, >> .reconnect_timeout = args->reconnect_timeout, >> }; >> - char servername[48]; >> + char servername[108]; > If we choose this approach to removing the warning, then we should use > UNIX_PATH_MAX rather than 108. My negligence. > > However the longest server name copied in here will in practice be > /var/run/rpcbind.sock > > so the extra 60 bytes on the stack is wasted ... maybe that doesn't > matter. I'm thinking about use a dynamic space alloc method like kasprintf to avoid space waste. > The string is only used by xprt_create_transport() which requires it to > be less than RPC_MAXNETNAMELEN - which is 256. > So maybe that would be a better value to use for the array size .... if > we assume that stack space isn't a problem. Thank you for the detailed explanation. I read the xprt_create_transport, the RPC_MAXNETNAMELEN is only use to xprt_create_transport . > What ever number we use, I'd rather it was a defined constant, and not > an apparently arbitrary number. Whether we could check the sun->sun_path length before using snprintf? The array size should smaller than the minimum of sun->sun_path and RPC_MAXNETNAMELEN. Or use the dynamic space allocate method to save space. > > Thanks, > NeilBrown > > >> struct rpc_clnt *clnt; >> int i; >> >> -- >> 2.40.1 >> >> -- Thanks, Kunwu.Chan
Powered by blists - more mailing lists