From: Dominique Martinet <asmadeus@codewreck.org>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
netdev@vger.kernel.org, dsahern@gmail.com, aclaudi@redhat.com,
daniel@iogearbox.net, Jamal Hadi Salim <hadi@mojatatu.com>
Subject: Re: [PATCH iproute2 v2 1/2] bpf: Fix segfault when custom pinning is used
Date: Thu, 23 Apr 2020 08:30:20 +0200 [thread overview]
Message-ID: <20200423063020.GA31520@nautica> (raw)
In-Reply-To: <5a636d8d-e287-b553-b3fb-a62afbbde4ae@mojatatu.com>
Jamal Hadi Salim wrote on Wed, Apr 22, 2020:
> >>diff --git a/lib/bpf.c b/lib/bpf.c
> >>index 10cf9bf4..656cad02 100644
> >>--- a/lib/bpf.c
> >>+++ b/lib/bpf.c
> >>@@ -1509,15 +1509,15 @@ out:
> >> static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx,
> >> const char *todo)
> >> {
> >>- char *tmp = NULL;
> >>+ char tmp[PATH_MAX] = {};
> >
> >Initializing the whole string to 0 is over kill here.
>
> Why is it overkill? ;->
> Note: I just replicated other parts of the same file which
> initialize similar array to 0.
FWIW I kind of agree this is overkill, there's only one other occurence
of a char * being explicitely zeroed, the rest isn't strings so probably
have better reasons to.
snprintf will safely zero-terminate it and nothing should ever access
past the nul byte so it shouldn't be necessary.
> >> char *rem = NULL;
> >> char *sub;
> >> int ret;
> >>- ret = asprintf(&tmp, "%s/../", bpf_get_work_dir(ctx->type));
> >>+ ret = snprintf(tmp, PATH_MAX, "%s/../", bpf_get_work_dir(ctx->type));
> >
> >snprintf will never return -1.
>
> Man page says it does. Practically it may not but we have code (in
> iproute2) which assumes it will happen.
>
> Pick your poison:
> 1) Ignore the return code
> 2) As suggested by Dominique, something along the lines of:
(I also said I don't think it can ever fail in the non-wide-char variant
we use here (failure described in man page might be bad format string?
but we use a constant string here), and that the >= check is redundant
with the later strcat boundary checking ; by the same logic the words
you put in my mouth here are overkill as well :) (and the max size
variant would need some extra andling to set errno so check cannot be
shared that easily)
Anyway rest of iproute2 doesn't check snprintf return value much, it
should be fine to ignore)
> if (ret <= 0 || ret >= MAX_PATH)
> ...error here..
>
> Which one do you prefer?
--
Dominique
next prev parent reply other threads:[~2020-04-23 6:30 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-22 10:28 [PATCH iproute2 v2 0/2] bpf: memory access fixes Jamal Hadi Salim
2020-04-22 10:28 ` [PATCH iproute2 v2 1/2] bpf: Fix segfault when custom pinning is used Jamal Hadi Salim
2020-04-22 12:24 ` Andrea Claudi
2020-04-22 14:43 ` Dominique Martinet
2020-04-22 17:07 ` Jamal Hadi Salim
2020-04-22 16:35 ` Stephen Hemminger
2020-04-22 17:19 ` Jamal Hadi Salim
2020-04-23 6:30 ` Dominique Martinet [this message]
2020-04-23 17:46 ` Jamal Hadi Salim
2020-04-22 10:28 ` [PATCH iproute2 v2 2/2] bpf: Fix mem leak and extraneous free() in error path Jamal Hadi Salim
2020-04-22 14:44 ` Dominique Martinet
2020-04-30 5:40 ` [PATCH iproute2 v2 0/2] bpf: memory access fixes Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200423063020.GA31520@nautica \
--to=asmadeus@codewreck.org \
--cc=aclaudi@redhat.com \
--cc=daniel@iogearbox.net \
--cc=dsahern@gmail.com \
--cc=hadi@mojatatu.com \
--cc=jhs@mojatatu.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).