| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <172372194692.6062.4519803974558688969@noble.neil.brown.name> Date: Thu, 15 Aug 2024 21:39:06 +1000 From: "NeilBrown" <neilb@...e.de> To: "Kunwu Chan" <kunwu.chan@...ux.dev> Cc: trondmy@...nel.org, anna@...nel.org, chuck.lever@...cle.com, jlayton@...nel.org, kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, linux-nfs@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, "Kunwu Chan" <chentao@...inos.cn> Subject: Re: [PATCH] SUNRPC: Fix -Wformat-truncation warning On Thu, 15 Aug 2024, Kunwu Chan wrote: > Thanks for your reply. > > On 2024/8/14 18:28, NeilBrown wrote: > > On Wed, 14 Aug 2024, kunwu.chan@...ux.dev wrote: > >> From: Kunwu Chan <chentao@...inos.cn> > >> > >> Increase size of the servername array to avoid truncated output warning. > >> > >> net/sunrpc/clnt.c:582:75: error:‘%s’ directive output may be truncated > >> writing up to 107 bytes into a region of size 48 > >> [-Werror=format-truncation=] > >> 582 | snprintf(servername, sizeof(servername), "%s", > >> | ^~ > >> > >> net/sunrpc/clnt.c:582:33: note:‘snprintf’ output > >> between 1 and 108 bytes into a destination of size 48 > >> 582 | snprintf(servername, sizeof(servername), "%s", > >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> 583 | sun->sun_path); > >> > >> Signed-off-by: Kunwu Chan <chentao@...inos.cn> > >> --- > >> net/sunrpc/clnt.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c > >> index 09f29a95f2bc..874085f3ed50 100644 > >> --- a/net/sunrpc/clnt.c > >> +++ b/net/sunrpc/clnt.c > >> @@ -546,7 +546,7 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args) > >> .connect_timeout = args->connect_timeout, > >> .reconnect_timeout = args->reconnect_timeout, > >> }; > >> - char servername[48]; > >> + char servername[108]; > > If we choose this approach to removing the warning, then we should use > > UNIX_PATH_MAX rather than 108. > My negligence. > > > > However the longest server name copied in here will in practice be > > /var/run/rpcbind.sock > > > > so the extra 60 bytes on the stack is wasted ... maybe that doesn't > > matter. > I'm thinking about use a dynamic space alloc method like kasprintf to > avoid space waste. > > The string is only used by xprt_create_transport() which requires it to > > be less than RPC_MAXNETNAMELEN - which is 256. > > So maybe that would be a better value to use for the array size .... if > > we assume that stack space isn't a problem. > > Thank you for the detailed explanation. I read the > xprt_create_transport, the RPC_MAXNETNAMELEN > > is only use to xprt_create_transport . > > > What ever number we use, I'd rather it was a defined constant, and not > > an apparently arbitrary number. > > Whether we could check the sun->sun_path length before using snprintf? > The array size should smaller > > than the minimum of sun->sun_path and RPC_MAXNETNAMELEN. > > Or use the dynamic space allocate method to save space. I think that dynamically allocating space is not a good idea. It means you have to handle failure which is just a waste of code. I'd suggest simply changing the array to RPC_MAXNETNAMELEN. NeilBrown > > > > > Thanks, > > NeilBrown > > > > > >> struct rpc_clnt *clnt; > >> int i; > >> > >> -- > >> 2.40.1 > >> > >> > -- > Thanks, > Kunwu.Chan > >
Powered by blists - more mailing lists