Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755841AbeAHHZo (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Mon, 8 Jan 2018 02:25:44 -0500
Received: from mout.web.de ([212.227.15.3]:59972 "EHLO mout.web.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1755220AbeAHHZn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Jan 2018 02:25:43 -0500
Subject: Re: [PATCH] atm/clip: Use seq_puts() in svc_addr()
To: Andy Shevchenko <andy.shevchenko@gmail.com>,
        netdev <netdev@vger.kernel.org>
Cc: Bhumika Goyal <bhumirks@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        David Windsor <dwindsor@gmail.com>,
        Elena Reshetova <elena.reshetova@intel.com>,
        Hans Liljestrand <ishkamiel@gmail.com>,
        Johannes Berg <johannes.berg@intel.com>,
        Kees Cook <keescook@chromium.org>,
        Roopa Prabhu <roopa@cumulusnetworks.com>,
        LKML <linux-kernel@vger.kernel.org>,
        kernel-janitors@vger.kernel.org
References: <97636808-1d9f-d196-ebce-fbd2505c50e2@users.sourceforge.net>
 <CAHp75Vf-fNi-ATKd-EpkO3HDP2TZCWFc6EEU5a5r-zkZTcHQYg@mail.gmail.com>
From: SF Markus Elfring <elfring@users.sourceforge.net>
Message-ID: <66a18243-90fc-73c6-200a-fbbfa782d501@users.sourceforge.net>
Date: Mon, 8 Jan 2018 08:25:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CAHp75Vf-fNi-ATKd-EpkO3HDP2TZCWFc6EEU5a5r-zkZTcHQYg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:zA3K0jYNmt2F8ApU/gpq2k8TQAsmbXK2PaR2KvMS9l+vrwzz50c
 HVuftDOmVJI1Pzyr/qHkUfZf5zjPCwTssYWKAsant7qrxL2ZKDgAgb594Evwlt008NvGdct
 QG1tL+LZZ01+Pj8bmZRKH8+qxO2ZwyGvxDi9toxUjQtD9hKM4wPv/AcA2EljHW48+5QniOB
 kt+Hdvo8+A3wiSmgXP3zA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:zn1nBFqz25I=:PjiiVTjPBkrTXHjgqJ0w+L
 xyGIfWM4gVshXsjy2qOYsgoMaZQ4GGqYVIkkhH62sVor0/7OqRQSO6iuoAFfoqiu7SnQx2cGW
 umwzCJ0fU2StGsa9ygX9ceKafVSD98Cgy2X1M9c9HN+qqgb2gm/iMycAw9DTIZd8wcPHYUBw2
 rXSkgjjk+tqI1A0ajY2389CWJ5KTdNsS4Kg9B5Ez+Bjxpocw8nSEPcB0BFZu2Y1/AQDxFxAfv
 E9Z1Hqg9qsyJlWiYvi6xDvnm7jWaJTRGIkjFCdDPBst3UJhnf4P5YYQE6vhBGOkOL3qfIHrl1
 om9K5ckj2Na1OIByY8kNAN7H1Z1IQl+Gc+s8Mc+cafnKZzCCAlnLcK93G5mQarU/h2tlmn3su
 wljOLIgT7uYC//JkTiMaTq0FW/DnVqFVe8oVG4wm385NQ7XPJ+n8DZ61eojHtEuc1HoggotfK
 ja5u19WqY2BNBDoL3VCePchAqcq/XsdNi8sI6uUb8pAgk0m2D1FR55KaRwQNLl8ZT98OyMSds
 lzAarqa9gfkobirUZ9k0MIpIHhtlW5gfnXa8l+rwbEhRovriC0F0KZzk7fPPHPbFxeE07viRC
 eUINcOMZPc/4l/rb/eRMovw3XQny1Q5rNZLmHaFD6Dnx/mQWiBlXoDMWKpiuGOSJn64csm2QM
 X+X0+jfjeyVHu4rGzlOhcApFDC/7V8RNUA/poYX0Lf65OjB4A63sYK4Zs7/Y4HUtNorJ9oNMo
 7jwyfRVdsHFnjYWp9KgJDGvKnGm9YAdeTIVc3JTAvkaiyM1520U9sBaRytAeJU0XwxLcwupJj
 vJYF3FbV0QYYJn5dwzv6B3Ix1hrUbsu2LlrWd8f+gI+qVTNW2k=
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

>> @@ -708,11 +708,11 @@ static void svc_addr(struct seq_file *seq, struct sockaddr_atmsvc *addr)
>>         static int e164[] = { 1, 8, 4, 6, 1, 0 };
>>
>>         if (*addr->sas_addr.pub) {
>> -               seq_printf(seq, "%s", addr->sas_addr.pub);
>> +               seq_puts(seq, addr->sas_addr.pub);
> 
> Which opens a lot of security concerns.

How? - The passed string is just copied into a buffer finally, isn't it?


> Never do this again.

Why do you not like such a small source code transformation at the moment?


> P.S. I'm wondering what would be first,

I am curious on how communication difficulties can be adjusted.


> Markus starts looking into the actual code,

I inspected the original source code to some degree.
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/fs/seq_file.c?id=895c0dde398510a5b5ded60e5064c11b94bd30ca#n682
https://elixir.free-electrons.com/linux/v4.15-rc6/source/fs/seq_file.c#L660


> or most (all) of the maintainers just ban him.

The change acceptance is varying for various reasons by the involved contributors.

Regards,
Markus