From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: Petr Mladek <pmladek@suse.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Linus Torvalds <torvalds@linux-foundation.org>,
"Tobin C . Harding" <me@tobin.cc>, Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 9/9] vsprintf: Avoid confusion between invalid address and value
Date: Tue, 19 Feb 2019 12:03:46 +0900 [thread overview]
Message-ID: <20190219030300.GA640@jagdpanzerIV> (raw)
In-Reply-To: <20190208152310.29531-10-pmladek@suse.com>
On (02/08/19 16:23), Petr Mladek wrote:
[..]
> Plain Pointers
> --------------
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index 3a95b4d1ca2e..e51cbc2be540 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -1510,7 +1510,7 @@ char *ip_addr_string(char *buf, char *end, const void *ptr,
> case AF_INET6:
> return ip6_addr_string_sa(buf, end, &sa->v6, spec, fmt);
> default:
> - return string_nocheck(buf, end, "(invalid address)", spec);
> + return string_nocheck(buf, end, "(einval)", spec);
> }}
Hmm... The original code looks "a bit" dangerous.
Suppose, in my driver I want to sprintf() IPv4 address. The longest
possible address is 3 * 4 (%d%d%d) + 3 bytes (dots) + terminating NULL.
E.g. 111.111.111.111
So I can allocate a 16-bytes buffer (stack or slab) and accidentally
do an %piS sprintf() on a corrupted in_addr struct:
char buf[16];
sprintf(buf, "%piS", in_addr);
forcing sprintf() to write "(invalid address)" to a 16-bytes buffer,
but the thing is - strlen("(invalid address)") > 16.
We might want to take this change out of this series.
-ss
next prev parent reply other threads:[~2019-02-19 3:03 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-08 15:23 [PATCH v6 0/9] vsprintf: Prevent silent crashes and consolidate error handling Petr Mladek
2019-02-08 15:23 ` [PATCH v6 1/9] vsprintf: Shuffle restricted_pointer() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 2/9] vsprintf: Consistent %pK handling for kptr_restrict == 0 Petr Mladek
2019-02-08 15:23 ` [PATCH v6 3/9] vsprintf: Do not check address of well-known strings Petr Mladek
2019-02-08 17:27 ` Andy Shevchenko
2019-02-08 15:23 ` [PATCH v6 4/9] vsprintf: Factor out %p[iI] handler as ip_addr_string() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 5/9] vsprintf: Factor out %pV handler as va_format() Petr Mladek
2019-02-08 17:11 ` Joe Perches
2019-02-12 13:00 ` Petr Mladek
2019-02-12 14:32 ` Steven Rostedt
2019-02-12 17:58 ` Joe Perches
2019-02-12 19:47 ` Steven Rostedt
2019-02-12 20:22 ` Rasmus Villemoes
2019-02-08 15:23 ` [PATCH v6 6/9] vsprintf: Factor out %pO handler as kobject_string() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 7/9] vsprintf: Consolidate handling of unknown pointer specifiers Petr Mladek
2019-02-08 17:25 ` Andy Shevchenko
2019-02-12 13:35 ` Petr Mladek
2019-02-08 15:23 ` [PATCH v6 8/9] vsprintf: Prevent crash when dereferencing invalid pointers Petr Mladek
2019-02-19 3:30 ` Sergey Senozhatsky
2019-02-19 11:02 ` Andy Shevchenko
2019-02-19 12:51 ` Sergey Senozhatsky
2019-02-19 13:49 ` Andy Shevchenko
2019-02-19 14:15 ` Sergey Senozhatsky
2019-02-20 10:24 ` Petr Mladek
2019-02-08 15:23 ` [PATCH v6 9/9] vsprintf: Avoid confusion between invalid address and value Petr Mladek
2019-02-08 17:27 ` Andy Shevchenko
2019-02-12 15:45 ` Petr Mladek
2019-02-13 13:54 ` Andy Shevchenko
2019-02-14 8:42 ` Petr Mladek
2019-02-14 12:45 ` Andy Shevchenko
2019-02-19 3:03 ` Sergey Senozhatsky [this message]
2019-02-19 11:06 ` Andy Shevchenko
2019-02-20 9:24 ` Petr Mladek
2019-02-21 1:47 ` Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190219030300.GA640@jagdpanzerIV \
--to=sergey.senozhatsky.work@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=me@tobin.cc \
--cc=mhocko@suse.cz \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.