From: Kalle Valo <kvalo@qca.qualcomm.com>
To: Jouni Malinen <jkmalinen@gmail.com>
Cc: Michal Kazior <michal.kazior@tieto.com>,
	linux-wireless <linux-wireless@vger.kernel.org>,
	"ath10k@lists.infradead.org" <ath10k@lists.infradead.org>,
	Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [PATCH v2] ath10k: add soft/hard firmware crash option to simulate_fw_crash
Date: Thu, 20 Mar 2014 09:51:49 +0200
Message-ID: <87lhw5fgtm.fsf@kamboji.qca.qualcomm.com>
In-Reply-To: <CANe27jJgu7QP9r7GGvnDnDp=7aVmMaJLGPqJVPRyo-E8epYACA@mail.gmail.com> (Jouni Malinen's message of "Wed, 19 Mar 2014 14:41:11 +0200")

Jouni Malinen <jkmalinen@gmail.com> writes:

> On Wed, Mar 19, 2014 at 11:16 AM, Michal Kazior <michal.kazior@tieto.com> wrote:
>>
>> On 19 March 2014 10:06, Kalle Valo <kvalo@qca.qualcomm.com> wrote:
>> > Fengguang's buildbot got warnings here and I assume they are coming from
>> > smatch:
>> >
>> > drivers/net/wireless/ath/ath10k/debug.c:500 ath10k_write_simulate_fw_crash() error: strncmp() '"hard"' too small (5 vs 32)
>> > drivers/net/wireless/ath/ath10k/debug.c:497 ath10k_write_simulate_fw_crash() error: strncmp() '"soft"' too small (5 vs 32)
>> >
>> > I wanted to use strncmp() instead of strcmp(), but I'm not sure what to
>> > do here. In my opinion it's guaranteed that the string "hard" is null
>> > terminated, so it shouldn't matter even if strlen("soft") (5) is less
>> > than sizeof(buf) (32), right? Or am I missing something here?
>>
>> Hmm.. strncmp() compares *at most* n chars. The above means you can
>> overflow the const char[] "hard" and "soft" if `buf` is longer than
>> those. strncmp() must be passed the smallest length of either
>> argument.
>
> No you cannot. strncmp() will stop at '\0' from either buffer. If buf
> is nul terminated, I see no point in using strncmp here (i.e., strcmp
> should be used instead). If buf is not nul terminated, the length to
> strncmp() must be the correct length of data in that buf, not
> sizeof(buf). In either case, the current version here is incorrect
> (even if it could not result in a buffer read overflow in practice).

The reason why I changed strcmp() to strncmp() was to avoid the case where
someone accidentally removes "- 1" from the copy. I think this is just
too subtle for mistakes:

	char buf[32] = {};

	[...]

	/* Don't copy over the last byte, keep it initialised to zero to
	 * make sure that the buffer is properly null terminated. */
	simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);

So I considered strncmp() just as an extra layer of protection (it has a
limit for the loop). But now that I think more about this, maybe this is
safer:

	char buf[10];

	[...]

	simple_write_to_buffer(buf, sizeof(buf), ppos, user_buf, count);

	/* make sure buf is null terminated */
	buf[sizeof(buf) - 1] = 0;

But anyway, I'll change the patch to use strcmp() again.

-- 
Kalle Valo
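
Added example, not part of the original message and not the ath10k driver's code: a userspace model of the two termination patterns discussed above, each followed by a plain strcmp() match. `copy_in()` is a hypothetical stand-in for simple_write_to_buffer(), the function and enum names are assumptions, and the second variant places the terminator at the copied length so that a short write into the uninitialised buffer is also terminated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum crash_mode { CRASH_UNKNOWN = 0, CRASH_SOFT, CRASH_HARD };

/* Stand-in (assumption) for simple_write_to_buffer(): copies at most
 * `avail` bytes and never appends a terminator. */
static size_t copy_in(char *to, size_t avail, const char *from, size_t count)
{
	size_t n = count < avail ? count : avail;

	memcpy(to, from, n);
	return n;
}

static enum crash_mode match(const char *buf)
{
	/* buf is NUL terminated by both callers, so strcmp() is bounded. */
	if (!strcmp(buf, "soft"))
		return CRASH_SOFT;
	if (!strcmp(buf, "hard"))
		return CRASH_HARD;
	return CRASH_UNKNOWN;
}

/* Variant 1: zero-initialised buffer, the copy never touches the last byte. */
enum crash_mode parse_zero_init(const char *user, size_t count)
{
	char buf[32] = {0};

	copy_in(buf, sizeof(buf) - 1, user, count);
	return match(buf);
}

/* Variant 2: the copy may fill the buffer, the terminator is forced after. */
enum crash_mode parse_forced_nul(const char *user, size_t count)
{
	char buf[10];
	size_t n = copy_in(buf, sizeof(buf), user, count);

	buf[n < sizeof(buf) ? n : sizeof(buf) - 1] = 0;
	return match(buf);
}

int main(void)
{
	const char in[] = "softXXXXXXXXXXXX"; /* constructed input */
	printf("%d %d\n", parse_zero_init(in, 4), parse_forced_nul(in, 4));
	return 0;
}
```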
