| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42f19231-dbe3-4fce-8836-75089f280296@gmail.com> Date: Tue, 29 Oct 2024 02:22:08 +0200 From: Sergey Ryazanov <ryazanov.s.a@...il.com> To: Simon Horman <horms@...nel.org>, Loic Poulain <loic.poulain@...aro.org>, Johannes Berg <johannes@...solutions.net> Cc: Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, netdev@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH net-next] wwan: core: Pass string literal as format argument of dev_set_name() Hello Simon, On 23.10.2024 15:15, Simon Horman wrote: > Both gcc-14 and clang-18 report that passing a non-string literal as the > format argument of dev_set_name() is potentially insecure. > > E.g. clang-18 says: > > drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security] > 442 | return dev_set_name(&port->dev, buf); > | ^~~ > drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this > 442 | return dev_set_name(&port->dev, buf); > | ^ > | "%s", > > It is always the case where the contents of mod is safe to pass as the > format argument. That is, in my understanding, it never contains any > format escape sequences. > > But, it seems better to be safe than sorry. And, as a bonus, compiler > output becomes less verbose by addressing this issue as suggested by > clang-18. > > Compile tested only. > No functional change intended. > > Signed-off-by: Simon Horman <horms@...nel.org> Theoretically, we can pass a string literal there and all the arguments required to build a proper device name of multiple elements to save some ticks on the format string processing. But this will require a deep rework still with intermediate string formatting. And since the performance of the name allocation is not the case here, lets go with your solution as way more simple and clear. Acked-by: Sergey Ryazanov <ryazanov.s.a@...il.com> > --- > drivers/net/wwan/wwan_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c > index 17431f1b1a0c..465e2a0d57a3 100644 > --- a/drivers/net/wwan/wwan_core.c > +++ b/drivers/net/wwan/wwan_core.c > @@ -431,7 +431,7 @@ static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt) > return -ENFILE; > } > > - return dev_set_name(&port->dev, buf); > + return dev_set_name(&port->dev, "%s", buf); > } > > struct wwan_port *wwan_create_port(struct device *parent, >
Powered by blists - more mailing lists