Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4285958imu; Mon, 14 Jan 2019 19:30:04 -0800 (PST) X-Google-Smtp-Source: ALg8bN7tQh0+VsOUVjTwWdoRJv5hT9QOy70MFUqu0RSjZRPpNvTDJPUlc18kuwqM9xuPR9kNPZoE X-Received: by 2002:a17:902:bd86:: with SMTP id q6mr1899985pls.16.1547523004019; Mon, 14 Jan 2019 19:30:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547523004; cv=none; d=google.com; s=arc-20160816; b=eO9b6ixtR6EywlSUmFgPlSwsp5h/fIMvlaRAPm+31rgpDWO2VsGbmHipNaz1pcKW2t XaVD3XLmLRLeSS3xIC/qzcGwiZmeua411mAP7EcZU94ggClj+v9q0/MymBzPb4sGLAME 6N1thWCwH958UdHrqWo2P7I92il0GBpsenCWD+1hDjuAoJg45uECEW+iyKLZZFxIX6kI VUIHWpHJrzcsmbv8NP/jlGmEG6wKX0Wz2CIhljZO05gYvEswqpVEbdWBn3z/5mZBN2io iy5qyJgukjnvf6bzwy4Jt3caNN0meuY5zczf8ONfeeIO4LeAhizL/RWZ69qL8f2pxSl5 hTwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=VGSa3X7AZJA5X5zN3PI40YJySV91wekRZcWeiye72KE=; b=jxur4mjgU9rzYXJMNHH3RqnydNYEVaz84ekEo7Y2sOnBTBfUpWoHzp1RBZwaFJlOQH 1cKwj9WPjQUMPrqH5QDjBvGhbBU+GpA/2ERi+8zHEMhcfqogP5m5dWsSieDS7fM4oTb3 Fi1SDUh4cPQPLkUGXg/8rCFxQu03MVc7L9OkeOhCGLHSq/+xsYTQm704jbF9YsTLl0L7 yj4gQlcHujcmXaH4SZtzu4KKO4AxDiV9uIyj0EHsPzfkTHjJu5FbpgJ5IbykpLP3tp7L k7X2BkJY2Czlzphsfo02SHp9m2j8IqvI/GbrmnFUVFEcQBsFQhYKqR5M/5rrxONiMb0O 5J0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 91si2079915ply.214.2019.01.14.19.29.30; Mon, 14 Jan 2019 19:30:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727709AbfAODMs (ORCPT + 99 others); Mon, 14 Jan 2019 22:12:48 -0500 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:35421 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727221AbfAODMs (ORCPT ); Mon, 14 Jan 2019 22:12:48 -0500 Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id x0F3CZGN006430; Tue, 15 Jan 2019 04:12:35 +0100 Date: Tue, 15 Jan 2019 04:12:35 +0100 From: Willy Tarreau To: Kees Cook Cc: Silvio Cesare , LKML , Dan Carpenter , Will Deacon , Greg KH Subject: Re: [PATCH 1/8] lkdtm: change snprintf to scnprintf for possible overflow Message-ID: <20190115031235.GA6416@1wt.eu> References: <20190112152844.26550-1-w@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.1 (2016-04-27) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Kees, On Mon, Jan 14, 2019 at 05:02:51PM -0800, Kees Cook wrote: > On Sat, Jan 12, 2019 at 7:28 AM Willy Tarreau wrote: > > > > From: Silvio Cesare > > > > Change snprintf to scnprintf. There are generally two cases where using > > snprintf causes problems. > > (I didn't find a 0/8 cover letter, so I'm replying here...) I didn't add one simply because I didn't have more context info than the one already present in each of these commits (which were all the same by the way). These ones were first reported by Silvio on the security list on November 23rd and came to a stall by lack of proper Cc and subject lines. So I've ran get_maintainers.pl + git log to adjust all this and sent them with the available context. > Many of these fixes are just robustness updates (e.g. the lkdtm case > below is not current a problem: the size of the static array getting > displayed is less than PAGE_SIZE). It might be worth noting which are > actually problems (and include the appropriate Cc: and Fixes: lines). From what I remember from the thread, these are small bugs causing some memory disclosure when used with debugfs. I've just found the featured article : http://blog.infosectcbr.com.au/2018/11/memory-bugs-in-multiple-linux-kernel.html > Are these changes going into someone's single tree, or are they > intended for individual maintainers to pick up? The goal was to let the maintainers decide based on the commit message. That's why it's always better when the reporter sends the information by himself rather than relying on some third party to polish things up and forward :-/ Cheers, Willy