lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250619123523.GK1699@horms.kernel.org>
Date: Thu, 19 Jun 2025 13:35:23 +0100
From: Simon Horman <horms@...nel.org>
To: jiang.peng9@....com.cn
Cc: pabeni@...hat.com, davem@...emloft.net, edumazet@...gle.com,
	kuba@...nel.org, jiri@...nulli.us, linux@...blig.org,
	oscmaes92@...il.com, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, xu.xin16@....com.cn,
	yang.yang29@....com.cn
Subject: Re: [PATCH net] net: vlan: fix format-truncation warnings in?
 register_vlan_device

On Thu, Jun 19, 2025 at 02:49:34PM +0800, jiang.peng9@....com.cn wrote:
> From: Peng Jiang <jiang.peng9@....com.cn>
> 
> Building with W=1 triggers format-truncation warnings in the
> register_vlan_device function when compiled with GCC 12.3.0.
> These warnings occur due to the use of %i and %.4i format
> specifiers with a buffer size that might be insufficient
> for the formatted string, potentially causing truncation.
> 
> The original warning trace:
> net/8021q/vlan.c:247:17: note: 'snprintf' output between 3 and 22 bytes into a destination of size 16
> 247 | snprintf(name, IFNAMSIZ, "%s.%i", real_dev->name, vlan_id);
> 
> Signed-off-by: Peng Jiang <jiang.peng9@....com.cn>

Hi Peng Jiang,

name is passed to alloc_netdev(). Which is a wrapper around alloc_netdev_mqs()
which includes the following check:

	BUG_ON(strlen(name) >= sizeof(dev->name)); 

And the size of dev->name is IFNAMSIZ.

So while I am very pleased to see efforts to address format-truncation
warning - indeed I have made efforts elsewhere to this end myself - I don't
think we can solve this problem the way you propose.


Also, I suspect any work in this area will not be a bug fix, and
thus more appropriate to target at net-next rather than net.

	Subject; [PATCH net-next]

And please make sure patches for net or next-next apply against
their target tree: this patch applies to cleanly to neither.

For more information on process for networking patches please see
https://docs.kernel.org/process/maintainer-netdev.html

-- 
pw-bot: changes-requested


...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ