From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
To: lixiaokeng <lixiaokeng@huawei.com>
Cc: Jes Sorensen <jes@trained-monkey.org>,
<linux-raid@vger.kernel.org>, linfeilong <linfeilong@huawei.com>,
"liuzhiqiang (I)" <liuzhiqiang26@huawei.com>,
Wu Guanghao <wuguanghao3@huawei.com>
Subject: Re: [PATCH V2] Fix NULL dereference in super_by_fd
Date: Mon, 19 Dec 2022 14:08:45 +0100 [thread overview]
Message-ID: <20221219140845.000030c2@linux.intel.com> (raw)
In-Reply-To: <59f29da7-2d07-febd-fc7b-e194bdf3ced8@huawei.com>
On Mon, 19 Dec 2022 19:50:52 +0800
lixiaokeng <lixiaokeng@huawei.com> wrote:
> On 2022/12/15 19:50, Mariusz Tkaczyk wrote:
> > On Wed, 14 Dec 2022 11:17:41 +0800
> > lixiaokeng <lixiaokeng@huawei.com> wrote:
> >
> >> strcpy(st->devnm, devnm);
> >
> > Hi,
> > Please use strncpy or snprintf here.
>
> Thanks for your advice, but the length of devnm is not
> a defined value. I will keep it as the old codes.
Supertype devnm is a array defined to be 32.
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/mdadm.h#n1256
32 should be changed to MD_NAME_MAX - you can use this define.
I traveled fd2devnm and I can see that at the end devid2devnm returns:
static char devnm[32]
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/lib.c#n123
For that reason usage of strcpy in this case seems to be safe, unless we change
something deeper. My recommendation comes from general safe development rules-
we know dest buffer size so we can esnure that it will be ended properly by
'\0', whatever comes to write from fd2devnm().
Thanks,
Mariusz
next prev parent reply other threads:[~2022-12-19 13:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 3:17 [PATCH V2] Fix NULL dereference in super_by_fd lixiaokeng
2022-12-14 7:55 ` Paul Menzel
2022-12-19 11:52 ` lixiaokeng
2022-12-15 11:50 ` Mariusz Tkaczyk
2022-12-19 11:50 ` lixiaokeng
2022-12-19 13:08 ` Mariusz Tkaczyk [this message]
2022-12-19 16:45 ` Jes Sorensen
2022-12-20 1:35 ` lixiaokeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221219140845.000030c2@linux.intel.com \
--to=mariusz.tkaczyk@linux.intel.com \
--cc=jes@trained-monkey.org \
--cc=linfeilong@huawei.com \
--cc=linux-raid@vger.kernel.org \
--cc=liuzhiqiang26@huawei.com \
--cc=lixiaokeng@huawei.com \
--cc=wuguanghao3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).