From: Simon Horman <horms@kernel.org>
To: Gax-c <zichenxie0106@gmail.com>
Cc: kuba@kernel.org, andrew+netdev@lunn.ch, davem@davemloft.net,
edumazet@google.com, pabeni@redhat.com, petrm@nvidia.com,
idosch@nvidia.com, netdev@vger.kernel.org, zzjas98@gmail.com,
chenyuan0y@gmail.com
Subject: Re: [PATCH v2] netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
Date: Thu, 24 Oct 2024 11:55:08 +0100
Message-ID: <20241024105508.GA1202098@kernel.org>
In-Reply-To: <20241022171907.8606-1-zichenxie0106@gmail.com>

On Tue, Oct 22, 2024 at 12:19:08PM -0500, Gax-c wrote:
> From: Zichen Xie <zichenxie0106@gmail.com>
>
> This was found by a static analyzer.
> We should not forget the trailing zero after copy_from_user()
> if we will further do some string operations, sscanf() in this
> case. Adding a trailing zero will ensure that the function
> performs properly.
>
> Fixes: c6385c0b67c5 ("netdevsim: Allow reporting activity on nexthop buckets")
> Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
> ---
> v2: adjust code format.
> ---
> drivers/net/netdevsim/fib.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/netdevsim/fib.c b/drivers/net/netdevsim/fib.c
> index 41e80f78b316..16c382c42227 100644
> --- a/drivers/net/netdevsim/fib.c
> +++ b/drivers/net/netdevsim/fib.c
> @@ -1377,10 +1377,12 @@ static ssize_t nsim_nexthop_bucket_activity_write(struct file *file,
>
> if (pos != 0)
> return -EINVAL;
> - if (size > sizeof(buf))
> + if (size > sizeof(buf) - 1)

I don't think this change is for the best.
If the input data is well formatted it will end with a '\0',
which may be copied into the last byte of buf.
With this change the maximum size of the input data is
unnecessarily reduced by one.

> return -EINVAL;
> if (copy_from_user(buf, user_buf, size))
> return -EFAULT;
> + buf[size] = 0;
> +
> if (sscanf(buf, "%u %hu", &nhid, &bucket_index) != 2)
> return -EINVAL;
>
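
Review bot: `buf[size] = 0;` is in bounds only because the check a few lines above it now reads `size > sizeof(buf) - 1`, and nothing in the hunk ties the two lines together. Consider spelling the check as `size >= sizeof(buf)` so the byte reserved for the terminator is obvious, and say in the commit message that a write of exactly sizeof(buf) bytes, accepted before, now returns -EINVAL. The message would also be clearer if it named the failure being fixed (sscanf() scanning past the bytes that copy_from_user() copied) instead of saying the function will "perform properly".
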
> --
> 2.34.1
>
>
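
A userspace model of the behaviour discussed in the commit message and in the reply, added here as an example; it is not code from the patch or from netdevsim. Assumptions: `BUF_SIZE` of 16, the `STALE` bytes, and the name `model_write()` are constructed for illustration, and memcpy() stands in for copy_from_user().

```c
/* Added example: userspace model, not the netdevsim source. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16        /* assumed; the hunk does not show buf's declaration */
#define STALE "9 9999"     /* constructed leftover bytes from an earlier call */

struct parsed {
	unsigned int nhid;
	unsigned short bucket_index;
};

/* patched == 0: checks as on the '-' side; patched == 1: as on the '+' side. */
static int model_write(const char *in, size_t size, int patched, struct parsed *out)
{
	char mem[BUF_SIZE + 1]; /* guard byte keeps the unpatched path defined here */
	size_t limit = patched ? BUF_SIZE - 1 : BUF_SIZE;

	memset(mem, 0, sizeof(mem));
	memcpy(mem, STALE, strlen(STALE));
	if (size > limit)
		return -EINVAL;
	memcpy(mem, in, size); /* stands in for copy_from_user() */
	if (patched)
		mem[size] = 0;
	if (sscanf(mem, "%u %hu", &out->nhid, &out->bucket_index) != 2)
		return -EINVAL;
	return 0;
}

int main(void)
{
	static const char full[BUF_SIZE] = "100000000 65535"; /* 15 chars + NUL */
	struct parsed p;
	int rc;

	rc = model_write("1 2", 3, 0, &p);
	printf("unpatched, no NUL:   rc=%d bucket=%hu\n", rc, p.bucket_index);
	rc = model_write("1 2", 3, 1, &p);
	printf("patched, no NUL:     rc=%d bucket=%hu\n", rc, p.bucket_index);
	rc = model_write(full, sizeof(full), 0, &p);
	printf("unpatched, 16 bytes: rc=%d\n", rc);
	rc = model_write(full, sizeof(full), 1, &p);
	printf("patched, 16 bytes:   rc=%d\n", rc);
	return 0;
}
```

The first pair of calls shows the unterminated input picking up stale digits while the terminated one parses only what was written; the second pair shows the terminated, buffer-filling input that the tightened check rejects.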