From: Martin Wilck <mwilck@suse.de>
To: Bart Van Assche <Bart.VanAssche@wdc.com>,
"bmarzins@redhat.com" <bmarzins@redhat.com>,
"tang.junhui@zte.com.cn" <tang.junhui@zte.com.cn>,
"hare@suse.de" <hare@suse.de>,
"christophe.varoqui@opensvc.com" <christophe.varoqui@opensvc.com>,
"guanjunxiong@huawei.com" <guanjunxiong@huawei.com>
Cc: "dm-devel@redhat.com" <dm-devel@redhat.com>,
"xose.vazquez@gmail.com" <xose.vazquez@gmail.com>,
"linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>
Subject: Re: [PATCH 1/4] libmultipath: get_udev_uid: make sure pp->wwid is 0-terminated
Date: Fri, 14 Jul 2017 21:21:39 +0200 [thread overview]
Message-ID: <1500060099.4808.21.camel@suse.de> (raw)
In-Reply-To: <1500044188.2662.4.camel@wdc.com>
Hi Bart,
On Fri, 2017-07-14 at 14:56 +0000, Bart Van Assche wrote:
> On Fri, 2017-07-14 at 13:32 +0200, Martin Wilck wrote:
> > If the first WWID_LEN bytes of the uuid_attribute do not contain
> > a 0 byte, pp->wwid may end up not properly terminated. Fix it.
> >
> > Signed-off-by: Martin Wilck <mwilck@suse.com>
> > ---
> > libmultipath/discovery.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
> > index 663c8eaa..9951af84 100644
> > --- a/libmultipath/discovery.c
> > +++ b/libmultipath/discovery.c
> > @@ -1615,6 +1615,7 @@ get_udev_uid(struct path * pp, char
> > *uid_attribute, struct udev_device *udev)
> > len = strlen(value);
> > }
> > strncpy(pp->wwid, value, len);
> > + pp->wwid[WWID_SIZE - 1] = '\0';
> > } else {
> > condlog(3, "%s: no %s attribute", pp->dev,
> > uid_attribute);
>
> Hi Martin,
>
> Your patch does not cause all overflows to be reported.
I'm not sure what you mean. The overflow message is printed if and only
if (strlen(value) + 1 > WWID_SIZE), which is correct, AFAICS. The point
of my patch is just to avoid that multipath crashes later due to an
unterminated string caused by this overflow.
> How about using the
> following (untested) alternative?
>
> diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
> index eca4ce97..80d962e6 100644
> --- a/libmultipath/discovery.c
> +++ b/libmultipath/discovery.c
> @@ -1607,13 +1607,8 @@ get_udev_uid(struct path * pp, char
> *uid_attribute, struct udev_device *udev)
> if (!value || strlen(value) == 0)
> value = getenv(uid_attribute);
> if (value && strlen(value)) {
> - if (strlen(value) + 1 > WWID_SIZE) {
> + if (strlcpy(pp->wwid, value, sizeof(pp->wwid)) >=
> WWID_SIZE)
> condlog(0, "%s: wwid overflow", pp->dev);
> - len = WWID_SIZE;
> - } else {
> - len = strlen(value);
> - }
> - strncpy(pp->wwid, value, len);
> } else {
> condlog(3, "%s: no %s attribute", pp->dev,
> uid_attribute);
> Bart.
Let's have a strncpy vs. strlcpy discussion :D !
I can do this if you insist, but I don't see a big benefit. We've
tested with the patch I submitted.
Thanks,
Martin
WARNING: multiple messages have this Message-ID (diff)
From: mwilck@suse.de (Martin Wilck)
Subject: [dm-devel] [PATCH 1/4] libmultipath: get_udev_uid: make sure pp->wwid is 0-terminated
Date: Fri, 14 Jul 2017 21:21:39 +0200 [thread overview]
Message-ID: <1500060099.4808.21.camel@suse.de> (raw)
In-Reply-To: <1500044188.2662.4.camel@wdc.com>
Hi Bart,
On Fri, 2017-07-14@14:56 +0000, Bart Van Assche wrote:
> On Fri, 2017-07-14@13:32 +0200, Martin Wilck wrote:
> > If the first WWID_LEN bytes of the uuid_attribute do not contain
> > a 0 byte, pp->wwid may end up not properly terminated. Fix it.
> >
> > Signed-off-by: Martin Wilck <mwilck at suse.com>
> > ---
> > libmultipath/discovery.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
> > index 663c8eaa..9951af84 100644
> > --- a/libmultipath/discovery.c
> > +++ b/libmultipath/discovery.c
> > @@ -1615,6 +1615,7 @@ get_udev_uid(struct path * pp, char
> > *uid_attribute, struct udev_device *udev)
> > len = strlen(value);
> > }
> > strncpy(pp->wwid, value, len);
> > + pp->wwid[WWID_SIZE - 1] = '\0';
> > } else {
> > condlog(3, "%s: no %s attribute", pp->dev,
> > uid_attribute);
>
> Hi Martin,
>
> Your patch does not cause all overflows to be reported.
I'm not sure what you mean. The overflow message is printed if and only
if (strlen(value) + 1 > WWID_SIZE), which is correct, AFAICS. The point
of my patch is just to avoid that multipath crashes later due to an
unterminated string caused by this overflow.
> How about using the
> following (untested) alternative?
>
> diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
> index eca4ce97..80d962e6 100644
> --- a/libmultipath/discovery.c
> +++ b/libmultipath/discovery.c
> @@ -1607,13 +1607,8 @@ get_udev_uid(struct path * pp, char
> *uid_attribute, struct udev_device *udev)
> if (!value || strlen(value) == 0)
> value = getenv(uid_attribute);
> if (value && strlen(value)) {
> - if (strlen(value) + 1 > WWID_SIZE) {
> + if (strlcpy(pp->wwid, value, sizeof(pp->wwid)) >=
> WWID_SIZE)
> condlog(0, "%s: wwid overflow", pp->dev);
> - len = WWID_SIZE;
> - } else {
> - len = strlen(value);
> - }
> - strncpy(pp->wwid, value, len);
> } else {
> condlog(3, "%s: no %s attribute", pp->dev,
> uid_attribute);
> Bart.
Let's have a strncpy vs. strlcpy discussion :D !
I can do this if you insist, but I don't see a big benefit. We've
tested with the patch I submitted.
Thanks,
Martin
next prev parent reply other threads:[~2017-07-14 19:21 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-14 11:32 [PATCH 0/4] libmultipath: Fixes for NVME / NVMEoF Martin Wilck
2017-07-14 11:32 ` Martin Wilck
2017-07-14 11:32 ` [PATCH 1/4] libmultipath: get_udev_uid: make sure pp->wwid is 0-terminated Martin Wilck
2017-07-14 11:32 ` Martin Wilck
2017-07-14 14:56 ` Bart Van Assche
2017-07-14 14:56 ` [dm-devel] " Bart Van Assche
2017-07-14 19:21 ` Martin Wilck [this message]
2017-07-14 19:21 ` Martin Wilck
2017-07-14 20:21 ` Bart Van Assche
2017-07-14 20:21 ` [dm-devel] " Bart Van Assche
2017-07-14 21:21 ` Martin Wilck
2017-07-14 21:21 ` [dm-devel] " Martin Wilck
2017-07-14 21:27 ` Bart Van Assche
2017-07-14 21:27 ` [dm-devel] " Bart Van Assche
2017-07-14 22:17 ` Benjamin Marzinski
2017-07-14 22:17 ` Benjamin Marzinski
2017-07-14 11:32 ` [PATCH 2/4] libmultipath: drop uevent_can_discard_by_devpath Martin Wilck
2017-07-14 11:32 ` Martin Wilck
2017-07-14 22:18 ` Schremmer, Steven
2017-07-14 22:18 ` [dm-devel] " Schremmer, Steven
2017-07-14 22:29 ` Benjamin Marzinski
2017-07-14 22:29 ` Benjamin Marzinski
2017-07-17 1:12 ` Guan Junxiong
2017-07-17 1:12 ` Guan Junxiong
2017-07-14 11:32 ` [PATCH 3/4] libmultipath: only listen for uevents with DEVTYPE=disk Martin Wilck
2017-07-14 11:32 ` Martin Wilck
2017-07-14 22:16 ` Schremmer, Steven
2017-07-14 22:16 ` [dm-devel] " Schremmer, Steven
2017-07-14 22:29 ` Benjamin Marzinski
2017-07-14 22:29 ` Benjamin Marzinski
2017-07-17 1:12 ` Guan Junxiong
2017-07-17 1:12 ` Guan Junxiong
2017-07-14 11:32 ` [PATCH 4/4] libmultipath: fix over-long NVME WWIDs Martin Wilck
2017-07-14 11:32 ` Martin Wilck
2017-07-14 22:38 ` Benjamin Marzinski
2017-07-14 22:38 ` Benjamin Marzinski
2017-07-17 1:13 ` Guan Junxiong
2017-07-17 1:13 ` Guan Junxiong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1500060099.4808.21.camel@suse.de \
--to=mwilck@suse.de \
--cc=Bart.VanAssche@wdc.com \
--cc=bmarzins@redhat.com \
--cc=christophe.varoqui@opensvc.com \
--cc=dm-devel@redhat.com \
--cc=guanjunxiong@huawei.com \
--cc=hare@suse.de \
--cc=linux-nvme@lists.infradead.org \
--cc=tang.junhui@zte.com.cn \
--cc=xose.vazquez@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.