Re: [PATCH 1/2] Fix format overflows

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jonathan Dieter <jdieter@lesbg.com>
To: Krzysztof Opasiak <k.opasiak@samsung.com>, linux-kernel@vger.kernel.org
Cc: Valentina Manea <valentina.manea.m@gmail.com>,
	Shuah Khan <shuah@kernel.org>,
	Peter Senna Tschudin <peter.senna@gmail.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"open list:USB OVER IP DRIVER" <linux-usb@vger.kernel.org>
Subject: Re: [PATCH 1/2] Fix format overflows
Date: Tue, 21 Feb 2017 08:48:30 +0200	[thread overview]
Message-ID: <1487659710.2096.1.camel@lesbg.com> (raw)
In-Reply-To: <ff9e6f1a-0590-449a-11b4-bc521b4b7953@samsung.com>

Thanks for looking at this.  One quick question before I put out
version two with your corrections:

On Tue, 2017-02-21 at 07:12 +0100, Krzysztof Opasiak wrote:
> Hi,
> 
> W dniu 2017-02-20 o 21:51, Jonathan Dieter pisze:
> > The usbip userspace tools call sprintf()/snprintf() and don't check
> > for
> > the return value which can lead the paths to overflow, truncating
> > the
> > final file in the path.
> > 
> > More urgently, GCC 7 now warns that these aren't checked with
> > -Wformat-overflow, and with -Werror enabled in configure.ac, that
> > makes
> > these tools unbuildable.
> > 
> > This patch fixes these problems by replacing sprintf() with
> > snprintf() in
> > one place and adding checks for the return value of snprintf().
> > 
> > Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com>
> > Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
> > ---
> >  tools/usb/usbip/libsrc/usbip_common.c      |  8 +++++++-
> >  tools/usb/usbip/libsrc/usbip_host_common.c | 25
> > ++++++++++++++++++++-----
> >  2 files changed, 27 insertions(+), 6 deletions(-)
> > 
> > diff --git a/tools/usb/usbip/libsrc/usbip_common.c
> > b/tools/usb/usbip/libsrc/usbip_common.c
> > index ac73710..fc875ee 100644
> > --- a/tools/usb/usbip/libsrc/usbip_common.c
> > +++ b/tools/usb/usbip/libsrc/usbip_common.c
> > @@ -215,9 +215,15 @@ int read_usb_interface(struct usbip_usb_device
> > *udev, int i,
> >  		       struct usbip_usb_interface *uinf)
> >  {
> >  	char busid[SYSFS_BUS_ID_SIZE];
> > +	int size;
> >  	struct udev_device *sif;
> > 
> > -	sprintf(busid, "%s:%d.%d", udev->busid, udev-
> > >bConfigurationValue, i);
> > +	size = snprintf(busid, SYSFS_BUS_ID_SIZE, "%s:%d.%d",
> 
> why not sizeof(busid)?
> 
> > +			udev->busid, udev->bConfigurationValue,
> > i);
> > +	if (size >= SYSFS_BUS_ID_SIZE) {
> 
> As above.
> 
> > +		err("busid length %i >= SYSFS_BUS_ID_SIZE", size);

Should I also change the error messages to use real values?
Ex:
		err("busid length %i >= %i", size, sizeof(busid));

> > +		return -1;
> > +	}
> > 
> >  	sif = udev_device_new_from_subsystem_sysname(udev_context,
> > "usb", busid);
> >  	if (!sif) {
> > diff --git a/tools/usb/usbip/libsrc/usbip_host_common.c
> > b/tools/usb/usbip/libsrc/usbip_host_common.c
> > index 9d41522..690cd49 100644
> > --- a/tools/usb/usbip/libsrc/usbip_host_common.c
> > +++ b/tools/usb/usbip/libsrc/usbip_host_common.c
> > @@ -40,13 +40,19 @@ struct udev *udev_context;
> >  static int32_t read_attr_usbip_status(struct usbip_usb_device
> > *udev)
> >  {
> >  	char status_attr_path[SYSFS_PATH_MAX];
> > +	int size;
> >  	int fd;
> >  	int length;
> >  	char status;
> >  	int value = 0;
> > 
> > -	snprintf(status_attr_path, SYSFS_PATH_MAX,
> > "%s/usbip_status",
> > -		 udev->path);
> > +	size = snprintf(status_attr_path, SYSFS_PATH_MAX,
> > "%s/usbip_status",
> 
> The same here.
> 
> > +			udev->path);
> > +	if (size >= SYSFS_PATH_MAX) {
> > +		err("usbip_status path length %i >=
> > SYSFS_PATH_MAX", size);
> > +		return -1;
> > +	}
> > +
> > 
> >  	fd = open(status_attr_path, O_RDONLY);
> >  	if (fd < 0) {
> > @@ -218,6 +224,7 @@ int usbip_export_device(struct
> > usbip_exported_device *edev, int sockfd)
> >  {
> >  	char attr_name[] = "usbip_sockfd";
> >  	char sockfd_attr_path[SYSFS_PATH_MAX];
> > +	int size;
> >  	char sockfd_buff[30];
> >  	int ret;
> > 
> > @@ -237,10 +244,18 @@ int usbip_export_device(struct
> > usbip_exported_device *edev, int sockfd)
> >  	}
> > 
> >  	/* only the first interface is true */
> > -	snprintf(sockfd_attr_path, sizeof(sockfd_attr_path),
> > "%s/%s",
> > -		 edev->udev.path, attr_name);
> > +	size = snprintf(sockfd_attr_path,
> > sizeof(sockfd_attr_path), "%s/%s",
> > +			edev->udev.path, attr_name);
> > +	if (size >= SYSFS_PATH_MAX) {
> 
> hmmm this should be sizeof(sockfd_attr_path) not SYSFS_PATH_MAX
> 
> > +		err("exported device path length %i >=
> > SYSFS_PATH_MAX", size);
> > +		return -1;
> > +	}
> > 
> > -	snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n",
> > sockfd);
> > +	size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n",
> > sockfd);
> > +	if (size >= 30) {
> 
> Please don't hardcode such values in if. use sizeof() like one line
> above
> 
> > +		err("socket length %i >= 30", size);
> > +		return -1;
> > +	}
> > 
> >  	ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff,
> >  				    strlen(sockfd_buff));
> > 
> 
> Best regards,

next prev parent reply	other threads:[~2017-02-21  6:50 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20170220205937epcas3p4e334a658cf4d67f4a7d5a4ae7ce10afc@epcas3p4.samsung.com>
2017-02-20 20:51 ` [PATCH 1/2] Fix format overflows Jonathan Dieter
2017-02-20 20:51   ` [PATCH 2/2] Fix implicit fallthrough warning Jonathan Dieter
2017-02-21  6:12   ` [PATCH 1/2] Fix format overflows Krzysztof Opasiak
2017-02-21  6:48     ` Jonathan Dieter [this message]
2017-02-21 17:50       ` Jonathan Dieter
2017-02-21 17:57         ` [PATCH v2 1/2] usbip: Fix-format-overflow Jonathan Dieter
2017-02-21 17:57           ` [PATCH v2 2/2] usbip: Fix implicit fallthrough warning Jonathan Dieter
2017-02-22  5:49           ` [PATCH v2 1/2] usbip: Fix-format-overflow Krzysztof Opasiak
2017-02-22 18:14             ` Jonathan Dieter
2017-02-22 18:17             ` [PATCH v3 " Jonathan Dieter
2017-02-22 18:18               ` [PATCH v3 2/2] usbip: Fix implicit fallthrough warning Jonathan Dieter
2017-02-27  8:31               ` [PATCH v4 1/2] usbip: Fix-format-overflow Jonathan Dieter
2017-02-27  8:31                 ` [PATCH v4 2/2] usbip: Fix implicit fallthrough warning Jonathan Dieter
2017-03-16  7:47                 ` [PATCH v4 1/2] usbip: Fix-format-overflow Jonathan Dieter
2017-03-16 15:04                 ` Shuah Khan
2017-03-17  1:37                   ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1487659710.2096.1.camel@lesbg.com \
    --to=jdieter@lesbg.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=k.opasiak@samsung.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=peter.senna@gmail.com \
    --cc=shuah@kernel.org \
    --cc=valentina.manea.m@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.