Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp490681lqo;
        Wed, 8 May 2024 06:17:26 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUUOx1YY+cf5le65vJCzGEJ7GDZCXBkxsWHFgQW/WTh4PH7SAbeIdDSV7RzEOIvNj93pcMZQVSsdzHPamSxYxkm2BCMFrLeMCTxFXVtgg==
X-Google-Smtp-Source: AGHT+IFJjnpHQ/0THkEx1jN4a1nxPhwG9/O2NqDeFlQdurzKy3URN8D4oaZBfU19YadEk+wSNZjv
X-Received: by 2002:a05:6a20:9147:b0:1a8:2cc0:290a with SMTP id adf61e73a8af0-1afc8d5bfd5mr3439227637.30.1715174246503;
        Wed, 08 May 2024 06:17:26 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715174246; cv=pass;
        d=google.com; s=arc-20160816;
        b=m+1lX7YEjw6uaUXPaO5M/N9PpVGA+xaMuisq+M6DvZFiyr35wUBE2HxQf3gToLmvbp
         EhGxuDEU49zQfrPXrMAi1UoEpbpb/nXLc88YTKcUnvYY25MnOxJ1bBJhoHozjn+gjZBo
         Nu2HYwZWdaatlwxDDZBBwcRR7lC9lQiqkk2om6pRt9/QGxEDFWgUh7Gz2jPQTG4rwhEh
         5Ts6M03paEr9wLIg+rLp+ZVM/nR6YV+jpfcvv/JqyzVQ7NmyFqOmu+H0fDRFMbf4HipJ
         d8/VEgw+RT8FddNLeCcUeGEkoyLbCgfeg4a1B0buC7TxtdzOorjUDWn3vOhqBiNXda8b
         6Hlw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=kuNQNBgtBPmj82HrzPbdr+eSOKVPK/r02FyvgFRDDls=;
        fh=iDueZQvo/d6WQxO7YFr1ldrAI3U6/xMjsc+c0TfVvCA=;
        b=qjSIDh3VEYtmiRhS0Lkb2IRr1Y09PoTXgY1w1LwbY6NdHdDnknUMwEldl3GDUFvNfd
         d51DYqxn0+fzt/SzqxCufbA7F9wpQfKBpxf7wPX8XwzDEWEUAngAtWftSSoztqdHHyX2
         ZbMCmChRBp2C0GlXkoDtTq1MXVe+pHBhHh5OCwTkjz+jjJU2AgAidU+dz+RI0mUDecU2
         QU2/yKZbHElFYoKx1jePgsS2hLiNItGqT2Ow7lJBXfYDaN0qTP8Kvy7XwRlrvDCA7V/i
         KrsdFKl3XWGWtpMDfjDOb2GkCl/pBrfbnCGtliO7ti+Yk9PrXXoxaceTA+YKquwtIz0q
         fT0Q==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TFT551bp;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id k75-20020a62844e000000b006f44adf1c50si11507046pfd.229.2024.05.08.06.17.25
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 08 May 2024 06:17:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TFT551bp;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173284-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id EA359B21688
	for <linux.lists.archive@gmail.com>; Wed,  8 May 2024 13:15:51 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 88B548592C;
	Wed,  8 May 2024 13:13:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TFT551bp"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1B5373189;
	Wed,  8 May 2024 13:13:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715174015; cv=none; b=VpERhSXbicenUhsaPjsSLuLcj0dvyKNUbB0XCc+BQr21kjthZiZKDh0daTS6dNZcoeDgHAp8ksmGVrr6JbraPvG1CnDXxFSL0rQw9k5lUvUG3/lmnhs4pC20jPQrpFw12Nnxzz6O4DVBd5ahXUWHaEJez+PO+Ww1//J6CO5rNxU=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715174015; c=relaxed/simple;
	bh=S+L+g5yIhWlIr/9ZvbAOYclCZ1IhRvX6JyjpcHE5Uh8=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=iuAeVtjfKOwdJvOVW2wQReYXSgN1WhVEkweYDfghXu2YYCjw/FGHJDRH0Wr8SNehV0vQsST+13N2hcseOJ3pAO38kbU78PYUuAQGQ4xCuqsKH1TNED2f65bB9m886QQlZ6BcEH+eoNJqsgT9DDgzgByvdGmu+OBM2vn3OwXnrUY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TFT551bp; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C26FDC113CC;
	Wed,  8 May 2024 13:13:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1715174015;
	bh=S+L+g5yIhWlIr/9ZvbAOYclCZ1IhRvX6JyjpcHE5Uh8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=TFT551bpIoawyrVHM6fj4ijVIne3bwjA9xNpjJ1QfejFj+ceOSqTntplF2gJq/BEY
	 U7X0fc60ZODbiXO8VXY/5WPVX02fM6F6NgzTEv912OO/3Rr4Y4wKGwOJ5H9E/irAx5
	 m4NjuijYppdoQ7LLzV/+bfUjC9FqJQ5hT4OSDrXfhWpvH5E0EJG5ySQGWJn4KV0vA9
	 5byfDbQOu12uvtUPasQHFNTRkmSRCZ+Ln8b0IW7ufUQRTPe+TGuTfkukaeRlxdlAIC
	 NosoGU04EP3kGw1oDGh25exqHUg1PsY5q2xCJ4mtxlwZ4yHdGFg7bG/mDLJ2gFRUd8
	 5Api71VsrTP/w==
Date: Wed, 8 May 2024 07:13:32 -0600
From: Keith Busch <kbusch@kernel.org>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>,
	Chaitanya Kulkarni <kch@nvidia.com>, linux-nvme@lists.infradead.org,
	linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] nvmet: prevent sprintf() overflow in
 nvmet_subsys_nsid_exists()
Message-ID: <Zjt6fDIxLupGfglV@kbusch-mbp.dhcp.thefacebook.com>
References: <25e9c58d-d192-4a91-ad40-4c2ea01fbdf5@moroto.mountain>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <25e9c58d-d192-4a91-ad40-4c2ea01fbdf5@moroto.mountain>

On Wed, May 08, 2024 at 10:43:04AM +0300, Dan Carpenter wrote:
> The nsid value is a u32 that comes from nvmet_req_find_ns().  It's
> endian data and we're on an error path and both of those raise red
> flags.  So let's make this safer.
> 
> 1) Make the buffer large enough for any u32.
> 2) Remove the unnecessary initialization.
> 3) Use snprintf() instead of sprintf() for even more safety.
> 4) The sprintf() function returns the number of bytes printed, not
>    counting the NUL terminator. It is impossible for the return value to
>    be <= 0 so delete that.
> 
> Fixes: 505363957fad ("nvmet: fix nvme status code when namespace is disabled")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Thanks, applied to nvme-6.9.