Received: by 10.213.65.68 with SMTP id h4csp355380imn; Fri, 30 Mar 2018 06:56:02 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/aDo1H2bfjZ8HyVMJ6t+wN+nm0p0DV07AAiQab4MrQm8iuUNAWuLvUvCkpJsEbI1S22cyc X-Received: by 10.99.153.17 with SMTP id d17mr8575947pge.62.1522418162643; Fri, 30 Mar 2018 06:56:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522418162; cv=none; d=google.com; s=arc-20160816; b=Z+/+M6jbH37O6RlR/9IJKVMDJnxkGaMS64sXFmTTm1phtAWhaBKXb2DyKRuLvok27h GepaQ7G9OzhWHV3LY1eqxfaq49Gevsgak4ulbF13t8YzmEJMXTxO60+qprN3JX0cpBVL bThXmFd8GnO0UxUdVBFsv2bhWIdUXuDguQZF53IF4/zhu8s1TlC6b9/tC/unsI4G7zxF 8RpoMdQOLgCU6mI/8aKJnCjBPzKCGdvXn31pDvHqlN7pggYZkXV3wZ9N6xkMjoUqFwgw EHIjzsMI6phdxopUdSHszs3stxXvrJXCFyvC51IhSx+36puoi8mhd4IWjAQkWzsQCNI5 FIyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date :arc-authentication-results; bh=/jf6qB7gXP/kNF08LqRtBQIbizBzH7DswYQ4gJhjlts=; b=GHOdq1lYkhHUU7B+w0ZmDmCvhZCWx5o2LnqLqWGMeQ4KWwxOiQfdrC5HP7sIk3uXAo xFb7QkFrhPWgn4QDP5AblR2EIo4gbMomeKhMK9M6AFW9iNGCcyG3SOxpesYk+vOq6CZt +qV/uxLjJSuQ9bzAoH+0/Lt9jz7QV7ysBHGQGYT4VYCgTb59MWEUF5INRjyoyv4r6cYF m5jvsrkheuWf2Kqocth1UCWtJMIsPjHsR9S59v2dCGUaCCqzNg5QBL/IVrYCICg85RvO WeiXb9djCoT8velQAoDOLleNd+/7Pvy85rjQ2cTGu1781j/aCQOCDn/DtvrIv4k0Nbns PRuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g3-v6si8483058pll.290.2018.03.30.06.55.48; Fri, 30 Mar 2018 06:56:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752188AbeC3Nyo (ORCPT + 99 others); Fri, 30 Mar 2018 09:54:44 -0400 Received: from shards.monkeyblade.net ([184.105.139.130]:59238 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751938AbeC3Nyl (ORCPT ); Fri, 30 Mar 2018 09:54:41 -0400 Received: from localhost (67.110.78.66.ptr.us.xo.net [67.110.78.66]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 031AF123BB45E; Fri, 30 Mar 2018 06:54:39 -0700 (PDT) Date: Fri, 30 Mar 2018 09:54:39 -0400 (EDT) Message-Id: <20180330.095439.156028039710999285.davem@davemloft.net> To: arnd@arndb.de Cc: jon.maloy@ericsson.com, ying.xue@windriver.com, parthasarathy.bhuvaragan@ericsson.com, netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: Re: [PATCH] tipc: avoid possible string overflow From: David Miller In-Reply-To: <20180328140302.2594031-1-arnd@arndb.de> References: <20180328140302.2594031-1-arnd@arndb.de> X-Mailer: Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 30 Mar 2018 06:54:40 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann Date: Wed, 28 Mar 2018 16:02:04 +0200 > gcc points out that the combined length of the fixed-length inputs to > l->name is larger than the destination buffer size: > > net/tipc/link.c: In function 'tipc_link_create': > net/tipc/link.c:465:26: error: '%s' directive writing up to 32 bytes into a region of size between 26 and 58 [-Werror=format-overflow=] > sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str); > ^~ ~~~~~~~~ > net/tipc/link.c:465:2: note: 'sprintf' output 11 or more bytes (assuming 75) into a destination of size 60 > sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str); > > Using snprintf() ensures that the destination is still a nul-terminated > string in all cases. It's still theoretically possible that the string > gets trunctated though, so this patch should be carefully reviewed to > ensure that either truncation is impossible in practice, or that we're > ok with the truncation. > > Fixes: 25b0b9c4e835 ("tipc: handle collisions of 32-bit node address hash values") > Signed-off-by: Arnd Bergmann Based upon the discussion here, it looks like Jon will fix this in a different way by increasing the destination buffer size.