Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2695345pxj; Mon, 10 May 2021 08:43:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUVdnFN9vsCcrFYr0f0asYTfnEFiPD75a7NEMoky5aymkWO5LyzOmfw1MBdY0h8GH4DIN1 X-Received: by 2002:a50:fc91:: with SMTP id f17mr30228058edq.23.1620661403670; Mon, 10 May 2021 08:43:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620661403; cv=none; d=google.com; s=arc-20160816; b=vrDYURIWI9R4cbS11ero6DoSS5o029divba+dCjDm6w+h2208EUXgRD02rW4zoicg5 ve8aY5pDmBZhFJqIvHcvlmazRH3jmWPHvEEFYSXlqyiWnGK4f61dSxf4PNvCDBbGNZ1r bbU7EqAS1561kNuu8CG65BPTyVgj7RJcG0jgiwtWvk2JxwTQ2z2WAWFrP0tXL9CZNeNX y2Wgznu/2yP9mTYHxJmbhI7cLfpEsx5Ny5aScskFo0N1V6hsljO6dMMrnaH5rHN8luHZ 3PKe5waV7ULpPhaJ5nPMIYpCZBLuHZSb7Vw0AjhRvGtGlznjb48lzfrkRVX3YNCc05Ww KHPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=wnnVNFRb4ukIGPlS0RyJn2L7jxVmCizCvaFJB6Iy2/Q=; b=rWiT4ESirZLkMxdu2E0We6PjyxZGfVe+/10RSulrewviuKs+p0njScyB/Eo38u/C9a x+DxWP3I02ZnWT0vhLSx5W/kP/FLqQZnbA0GGE+kxVRozSgyJXaYtML6VOkWbGNywta+ TqrlkQ/+U6Z+2Ld/bXEQ2ZSN1DY9aJ0EOq4ngtI4R07f3QhIxqSyxrkolP5QPmPLbB7C lE7sSJJ+GIkCNJWGlKzhTjyONs5Fxy/8wjbFfkjCIOJSt4kta+Qfv4ZMbmMWENBc9KSj +pSs1Vl8OOKt9LcnYbf4JoQ/aNpyglbVwK8W55rCfro5xVGIR8IG9gmCtVHg6lbpk0PF D+kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=l8PSD+Zo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a6si8521992edk.546.2021.05.10.08.42.58; Mon, 10 May 2021 08:43:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=l8PSD+Zo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232530AbhEJPkx (ORCPT + 99 others); Mon, 10 May 2021 11:40:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:59332 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231845AbhEJPko (ORCPT ); Mon, 10 May 2021 11:40:44 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D848C611C1; Mon, 10 May 2021 15:39:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620661179; bh=CudXjd0hQkvW0675tw9uDcMFK77kr+Yf/Cpj1A3k0ws=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=l8PSD+ZoAScwk8qp8Lntnu/ZV0qrcPXNjNKCwuN5A75ajOKvRYCOwjVx614CGy6e+ 7LEBzW3wPyL8YPOCLBOW85lGUd649nUgR+owzNH0Nl05zFyRiREuuCxacHjCYJHrFq cCbtDKIBq/zGWQbbqHx3XvvYz/x9jZdbnkGVtM1DxNqQpZiEHixqKpFvFbTwhJIcMV BhhRkEchhrUN2dr2KMgcUOpXbapydyxrqAU9EGDAneweikYcD10s+qgINcuIRQ7fpf SCGGhuClC8fo0VZnt5IBX0s9/2loaDxeFZLitxJkmloWoZZgGoqu7+bF0lvfUubOin aR+zZcKcRunaQ== Received: by mail-oo1-f50.google.com with SMTP id i8-20020a4aa1080000b0290201edd785e7so3560885ool.1; Mon, 10 May 2021 08:39:39 -0700 (PDT) X-Gm-Message-State: AOAM533STcQQOFuQl4A6BAKGAYY44lCsGtX9oYJC232s3nxA7PqqBDVr wkIC8ZuGhiNDV0UHwgxf78vuvlqqGsG49Ddqrvc= X-Received: by 2002:a4a:b997:: with SMTP id e23mr19330421oop.13.1620661179176; Mon, 10 May 2021 08:39:39 -0700 (PDT) MIME-Version: 1.0 References: <20210421194636.1540448-1-linux@rasmusvillemoes.dk> In-Reply-To: <20210421194636.1540448-1-linux@rasmusvillemoes.dk> From: Ard Biesheuvel Date: Mon, 10 May 2021 17:39:28 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] efi: cper: fix snprintf() use in cper_dimm_err_location() To: Rasmus Villemoes Cc: Alex Kluver , linux-efi , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 21 Apr 2021 at 21:46, Rasmus Villemoes wrote: > > snprintf() should be given the full buffer size, not one less. And it > guarantees nul-termination, so doing it manually afterwards is > pointless. > > It's even potentially harmful (though probably not in practice because > CPER_REC_LEN is 256), due to the "return how much would have been > written had the buffer been big enough" semantics. I.e., if the bank > and/or device strings are long enough that the "DIMM location ..." > output gets truncated, writing to msg[n] is a buffer overflow. > > Signed-off-by: Rasmus Villemoes > --- > drivers/firmware/efi/cper.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c > index e15d484b6a5a..ea7ca74fc173 100644 > --- a/drivers/firmware/efi/cper.c > +++ b/drivers/firmware/efi/cper.c > @@ -276,8 +276,7 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg) > if (!msg || !(mem->validation_bits & CPER_MEM_VALID_MODULE_HANDLE)) > return 0; > > - n = 0; > - len = CPER_REC_LEN - 1; > + len = CPER_REC_LEN; > dmi_memdev_name(mem->mem_dev_handle, &bank, &device); > if (bank && device) > n = snprintf(msg, len, "DIMM location: %s %s ", bank, device); > @@ -286,7 +285,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg) > "DIMM location: not present. DMI handle: 0x%.4x ", > mem->mem_dev_handle); > > - msg[n] = '\0'; > return n; > } > > -- > 2.29.2 > Thanks, I will queue this up.