Received: by 10.223.185.116 with SMTP id b49csp5497258wrg; Wed, 7 Mar 2018 12:49:45 -0800 (PST) X-Google-Smtp-Source: AG47ELue/1IyKk6wUZhYJzIzn67s1Rua1Mc7SWu4nrGvJ2IhcViUQAWAYjm8Z9XyVM0aSuXbFqn4 X-Received: by 2002:a17:902:7142:: with SMTP id u2-v6mr21743256plm.257.1520455785518; Wed, 07 Mar 2018 12:49:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520455785; cv=none; d=google.com; s=arc-20160816; b=u3ZhGB43ZFekWFLstlfBlMswBj7yqGFIdVANjpZZOXtC6x7b2YPM/LD3Y+5rd+kz4C wyfqZJjUUz83AQG03TBtyFJEy3Y0b+YCojw5JWCjDm9QwY7Yq5kvsTMoVWuDhWvuePP7 vdXyrN5bWPQnSTQNW5oz1Cl5RSdMY/FFnV1tFRYSDSzY4EbI3eYT6g04ZfckRO32XVht hD561G5iVhncTofiXwZeM2jBtFdoD9mbg6r1VFonqEeuplAYWIPvJZ3JBmOiyBV+UcOZ 0t7otsOt1KY+wPWXDgy9wywCYN3M73twp9QG5NZ54sQB659Sb2FhOvqjCo2Ti+qL7Brh FGwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:organization:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=Insxm2S9rMi7+moh9/tkUc4nASQmLaZ6ZbMKcoSXgZI=; b=LDqEqGPI4/HI340lvWyw29bm5ty2zS9BXhoHXvieaK3J/ST4kQOcQhQ5y5F77Z6RTG 6bM60OY2jTKOe93FCC/cK2HBXpbSfL51vAdgWZtmAV8KI6xvi0rPtfExS0BgY0Bs7M3p R8UorjLTtPirnmMNO/dQ6vppjmT/Zjuf1o40JtrJIHvprY8mrHjCN30J0RnfbxtZ5koq AiQMxFX+v8QMq+IdjG4P6Tp4PGxRVP8RHbWYh28AEUoJksYUADBmYxfGpFyH9Koq29PC S57ik5JBWPQ0aiykdNgBTxH3RBvB8fciDE/UC/hr3vKjucLIgJ04+i6wJURfSCTwqVtb 9vkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=XfxZTL6p; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t137si11829587pgb.736.2018.03.07.12.49.30; Wed, 07 Mar 2018 12:49:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=XfxZTL6p; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934716AbeCGUsm (ORCPT + 99 others); Wed, 7 Mar 2018 15:48:42 -0500 Received: from mail-wm0-f41.google.com ([74.125.82.41]:39497 "EHLO mail-wm0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934690AbeCGUsh (ORCPT ); Wed, 7 Mar 2018 15:48:37 -0500 Received: by mail-wm0-f41.google.com with SMTP id i3so7169476wmi.4 for ; Wed, 07 Mar 2018 12:48:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=from:to:cc:subject:organization:references:date:in-reply-to :message-id:user-agent:mime-version; bh=Insxm2S9rMi7+moh9/tkUc4nASQmLaZ6ZbMKcoSXgZI=; b=XfxZTL6p5UltrnwpCO6uG1zS4Z0+HQKdvTRMxxO7ZvCcfgv5RiwBFKgyIBMPRwbcGD p0Mc/88bXIwuGgUFHoPSbI5R05Ap8j9K3WF3xcUfKf9YmVvnZlHFik0jKzFo7YwC1mzs ppvo4PQEjLkJrsVUWYoqWv3W4UU2iAZXMPPIQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:organization:references:date :in-reply-to:message-id:user-agent:mime-version; bh=Insxm2S9rMi7+moh9/tkUc4nASQmLaZ6ZbMKcoSXgZI=; b=D11kJmy2kE/hIr/2E4vFOrbZEm8S7O+AR2MFEEC5xcQUAo3g06Vm+gu03TZqSpiTr4 YwrjIpsOKMY2MguyMN9PyTj3V0FVyAgSk63CJ73VlsDY9eItqeI6AzrvwhU3oM42s7ey hG+prgVGIf9VEZNaD60M/Wmj4JHUzpkJqVPD6Xi6L7YP7WKB8hMdAKtpRk1dKBpt5xCh CIo3YijpmDY4bmsSf7PHJU/49QInSDLpP0mRZoTYCVDqhkdBnkti/JbEcqjeVLsmCbXD dN4zOZ4WL7pfq2SffcPkZpfOPZiny3wub5vr0asJRZQhnFwqeQZ6CwtF7jmzvETEaJM+ 5Agw== X-Gm-Message-State: AElRT7FIjCzCq+cYUVbXp3ujBdlSxCcCQaRluPpahICKVxknQfrcxTBl dsvxECPWlctH15m+SZ6Vi0WmZzyoxXY= X-Received: by 10.80.178.102 with SMTP id o93mr699814edd.297.1520455715658; Wed, 07 Mar 2018 12:48:35 -0800 (PST) Received: from morgan.rasmusvillemoes.dk (dhcp-5-186-126-104.cgn.ip.fibianet.dk. [5.186.126.104]) by smtp.gmail.com with ESMTPSA id b10sm6606806edk.32.2018.03.07.12.48.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Mar 2018 12:48:34 -0800 (PST) From: Rasmus Villemoes To: Kees Cook Cc: Rasmus Villemoes , Greg Kroah-Hartman , LKML , "Tobin C. Harding" , Tycho Andersen , Oleg Drokin , Andreas Dilger , James Simmons , Dmitry Eremin , Gargi Sharma , Lustre Development List , devel@driverdev.osuosl.org, Kernel Hardening Subject: Re: [PATCH] staging: lustre: Remove VLA usage Organization: D03 References: <20180307054608.GA9300@beast> X-Hashcash: 1:20:180307:jsimmons@infradead.org::jwKTMsYIgTblGTrI:0000000000000000000000000000000000000000Pf2 X-Hashcash: 1:20:180307:rasmus.villemoes@prevas.dk::GHx/16nYwsBGkjQt:000000000000000000000000000000000000s8o X-Hashcash: 1:20:180307:keescook@chromium.org::mqn6DkALIa4WFSCT:00000000000000000000000000000000000000001e0A X-Hashcash: 1:20:180307:devel@driverdev.osuosl.org::dOTWbIRM26WxfJZQ:000000000000000000000000000000000001w6H X-Hashcash: 1:20:180307:oleg.drokin@intel.com::g7iVdmC3Cfs+FpQO:00000000000000000000000000000000000000002O/l X-Hashcash: 1:20:180307:kernel-hardening@lists.openwall.com::BsLtWe3IrMj5VzhL:000000000000000000000000003cWK X-Hashcash: 1:20:180307:dmitry.eremin@intel.com::fW+9NZ1rm/deI/yO:000000000000000000000000000000000000004hIl X-Hashcash: 1:20:180307:tycho@tycho.ws::A+QE4sU1jvqEyqno:0005e+y X-Hashcash: 1:20:180307:andreas.dilger@intel.com::ri2ZzzCQEB7YTr1S:00000000000000000000000000000000000005m3C X-Hashcash: 1:20:180307:me@tobin.cc::GhQDwlyz82Sx2P9N:0000006L2I X-Hashcash: 1:20:180307:gregkh@linuxfoundation.org::7wwrIHQlvQtIno8x:000000000000000000000000000000000006dhD X-Hashcash: 1:20:180307:linux-kernel@vger.kernel.org::WaAsaArf4vtKiCiT:00000000000000000000000000000000093Um X-Hashcash: 1:20:180307:lustre-devel@lists.lustre.org::AYuO+MFuGLBlGHjC:00000000000000000000000000000000CKOl X-Hashcash: 1:20:180307:gs051095@gmail.com::wQkU9pHIUzNi+sLk:0000000000000000000000000000000000000000000FNFP Date: Wed, 07 Mar 2018 21:48:33 +0100 In-Reply-To: (Kees Cook's message of "Wed, 7 Mar 2018 09:20:31 -0800") Message-ID: <87ina7ehni.fsf@rasmusvillemoes.dk> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 07 2018, Kees Cook wrote: > On Wed, Mar 7, 2018 at 5:10 AM, Rasmus Villemoes > wrote: >> On 2018-03-07 06:46, Kees Cook wrote: >>> The kernel would like to remove all VLA usage. This switches to a >>> simple kasprintf() instead. >>> >> >> It's probably worth pointing out that this actually fixes an >> unconditional buffer overflow: fullname only has room for the two >> strings and the '\n', but vsnprintf() is told that the buffer has >> infinite size (well, INT_MAX), so there should be plenty of room to >> append the '\0' after the '\n'. >> > > Oh yes, hah. I didn't even see the \n in the string. :P > > So, both a VLA fix and a buffer over-run fix. Can I add your "Reviewed-by"? :) Sure, Reviewed-by: Rasmus Villemoes A nit, if you're resending anyway: can you move the "char *fullname" declarations down a bit, to between pv,valid, and lli,rc, respectively? That keeps the initialized and uninitialized variables nicely together and ends up looking better.