From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
To: lixiaokeng <lixiaokeng@huawei.com>
Cc: Jes Sorensen <jes@trained-monkey.org>,
<linux-raid@vger.kernel.org>, linfeilong <linfeilong@huawei.com>,
"liuzhiqiang (I)" <liuzhiqiang26@huawei.com>,
Wu Guanghao <wuguanghao3@huawei.com>
Subject: Re: [PATCH V2] Fix NULL dereference in super_by_fd
Date: Mon, 19 Dec 2022 14:08:45 +0100 [thread overview]
Message-ID: <20221219140845.000030c2@linux.intel.com> (raw)
In-Reply-To: <59f29da7-2d07-febd-fc7b-e194bdf3ced8@huawei.com>
On Mon, 19 Dec 2022 19:50:52 +0800
lixiaokeng <lixiaokeng@huawei.com> wrote:
> On 2022/12/15 19:50, Mariusz Tkaczyk wrote:
> > On Wed, 14 Dec 2022 11:17:41 +0800
> > lixiaokeng <lixiaokeng@huawei.com> wrote:
> >
> >> strcpy(st->devnm, devnm);
> >
> > Hi,
> > Please use strncpy or snprintf here.
>
> Thanks for your advice, but the length of devnm is not
> a defined value. I will keep it as the old codes.
Supertype devnm is a array defined to be 32.
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/mdadm.h#n1256
32 should be changed to MD_NAME_MAX - you can use this define.
I traveled fd2devnm and I can see that at the end devid2devnm returns:
static char devnm[32]
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/lib.c#n123
For that reason usage of strcpy in this case seems to be safe, unless we change
something deeper. My recommendation comes from general safe development rules-
we know dest buffer size so we can esnure that it will be ended properly by
'\0', whatever comes to write from fd2devnm().
Thanks,
Mariusz
next prev parent reply other threads:[~2022-12-19 13:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 3:17 [PATCH V2] Fix NULL dereference in super_by_fd lixiaokeng
2022-12-14 7:55 ` Paul Menzel
2022-12-19 11:52 ` lixiaokeng
2022-12-15 11:50 ` Mariusz Tkaczyk
2022-12-19 11:50 ` lixiaokeng
2022-12-19 13:08 ` Mariusz Tkaczyk [this message]
2022-12-19 16:45 ` Jes Sorensen
2022-12-20 1:35 ` lixiaokeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221219140845.000030c2@linux.intel.com \
--to=mariusz.tkaczyk@linux.intel.com \
--cc=jes@trained-monkey.org \
--cc=linfeilong@huawei.com \
--cc=linux-raid@vger.kernel.org \
--cc=liuzhiqiang26@huawei.com \
--cc=lixiaokeng@huawei.com \
--cc=wuguanghao3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.