Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1656800iog; Tue, 14 Jun 2022 10:16:40 -0700 (PDT) X-Google-Smtp-Source: AGRyM1s6R4bfuf8qvTPoT/E4XhbmnY9MYEta8v4Cf4DNcenrkHgZ+MB9Tg/ZlWu7L6EQjzq6vME1 X-Received: by 2002:a17:902:ab87:b0:162:26cf:bf7a with SMTP id f7-20020a170902ab8700b0016226cfbf7amr5359764plr.168.1655227000087; Tue, 14 Jun 2022 10:16:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655227000; cv=none; d=google.com; s=arc-20160816; b=LkMVc1oO811sOdchmQAhYp8HxKLAOaQQwInB9zb+BwsbdEzkAR/52XMh4vIVrogRBS zLYVUB2hEVExmf24uySDyRZth/o8JIe6xHV6TDbyLJRSZbCqxeJQcuoTuIjdqsa8hfEZ fJDHB5qwkACUHEqJs5laFAlmV9xvNwgGBvTGfoyvtXxaq+FP+0GGg52ppNPWODagUu+H 8BLAPc1+23auwWtMnsrl8KO0z01rG3PnerrBFKhJ6O77atOnofluYhrYUSM/VdOsXWYo e2Gcd15xFMos2sIohmN962kmC8LLF/ujTaL7dq6h7Y4J2WdUuBuiBj5rMV/QDT85+ULb N/dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=qI5czdQubm2ZOV6vztxHoayI0pQLECo2RQqQXvowmH8=; b=q9ZcrjR/nB1UPIYsRTfkHAYrlUNmtIqJ8Xt3niySu2i3SSufpahwhunghZWTSrAYhi LUAvIkzgkHOjS/u/bwtVvzqotK5N5uV6gWdUCHrN6kwfVfmz7tIEnYRfipqeni3GcVzt uAkSKd8iFmYk1twVULSxA74GIJVosXSCDkciXcXjDjQmqXLGVRNW5mRxdmtW+enkD6u8 fH4gtYSW+LQ0TV4HNCzwGQUO6mNdwgFcxRPHlNrz0L6V/6uIjsyI8byKvgX1enlJuPbY y4FEdPGYkX7RxeMuyyae4A2lXrDlvrfwIFrgMR9jUZpcIilNhiygE3GIQ1lGUSNUB3gd LlhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kAQc13py; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id om2-20020a17090b3a8200b001df9c9667b3si17327255pjb.124.2022.06.14.10.16.12; Tue, 14 Jun 2022 10:16:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kAQc13py; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237731AbiFNRNz (ORCPT + 99 others); Tue, 14 Jun 2022 13:13:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234159AbiFNRNy (ORCPT ); Tue, 14 Jun 2022 13:13:54 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB1D51FA79 for ; Tue, 14 Jun 2022 10:13:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655226833; x=1686762833; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=5mMsQrPr+sQP3R2iBlzsvxR1A+6STqAHDTUQIgeRwAI=; b=kAQc13pyTPbm5NcIbSF0nEqH1FoQx8SiKPOfjFKZfQtO5jFxHJdW6Xan kmMqcZv26s5L4bg067ZgIBqhGl9VVlfEsnhY0J6OgDOa2FkpNI/mZf1q7 kDDuhfQcVAMoGAiWCUXM31xQNT5oq51YZdXIIue1pbnwhAGudKa73ejpT 0uDCrgJzMfGXUu0v+9Cxqkx/ZReXx+dxBUK6cmOD49J+9TOPcVlHSN3OM zK+b5YYSVUH5b9vQkQ7qum8OnuesP1cGe4Ej64Ew95ZUti9ee/vgFXW/1 nza36OfuBmJTUC2CawTkEA99XG+4KAymp2y2HAA1eJeL/7xP5jnnpPTBm A==; X-IronPort-AV: E=McAfee;i="6400,9594,10378"; a="259137453" X-IronPort-AV: E=Sophos;i="5.91,300,1647327600"; d="scan'208";a="259137453" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jun 2022 10:13:53 -0700 X-IronPort-AV: E=Sophos;i="5.91,300,1647327600"; d="scan'208";a="570095481" Received: from kjirish-mobl1.amr.corp.intel.com (HELO bgi1-mobl2.amr.corp.intel.com) ([10.209.156.199]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jun 2022 10:13:52 -0700 From: Brian Gix To: linux-bluetooth@vger.kernel.org Cc: marcel@holtmann.org, luiz.dentz@gmail.com, brian.gix@intel.com, tedd.an@intel.com Subject: [PATCH BlueZ] mesh: Fix keyring snprintf usage range checking Date: Tue, 14 Jun 2022 10:13:38 -0700 Message-Id: <20220614171338.177983-1-brian.gix@intel.com> X-Mailer: git-send-email 2.35.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org snprintf performs it's own range checking and returns a negative value if string construction fails. Not checking the return value throws a warning at compile time on GCC 12 and later. This patch removes redundent range chacking and checks all snprintf return values. --- mesh/keyring.c | 68 +++++++++++++++++++++++++++++--------------------- 1 file changed, 40 insertions(+), 28 deletions(-) diff --git a/mesh/keyring.c b/mesh/keyring.c index 6d539e74e..995a4b88f 100644 --- a/mesh/keyring.c +++ b/mesh/keyring.c @@ -39,26 +39,24 @@ static int open_key_file(struct mesh_node *node, const char *key_dir, { const char *node_path; char fname[PATH_MAX]; - int len; + int ret; if (!node) return -1; node_path = node_get_storage_dir(node); - if (strlen(node_path) + strlen(key_dir) + 1 + 3 >= PATH_MAX) - return -1; - if (flags & O_CREAT) { - len = snprintf(fname, PATH_MAX, "%s%s", node_path, key_dir); - if (len >= PATH_MAX) + ret = snprintf(fname, PATH_MAX, "%s%s", node_path, key_dir); + if (ret < 0) return -1; + if (mkdir(fname, 0755) != 0 && errno != EEXIST) l_error("Failed to create dir(%d): %s", errno, fname); } - len = snprintf(fname, PATH_MAX, "%s%s/%3.3x", node_path, key_dir, idx); - if (len >= PATH_MAX) + ret = snprintf(fname, PATH_MAX, "%s%s/%3.3x", node_path, key_dir, idx); + if (ret < 0) return -1; if (flags & O_CREAT) @@ -157,7 +155,7 @@ bool keyring_finalize_app_keys(struct mesh_node *node, uint16_t net_idx) const char *node_path; char key_dir[PATH_MAX]; DIR *dir; - int dir_fd; + int ret, dir_fd; struct dirent *entry; if (!node) @@ -165,10 +163,10 @@ bool keyring_finalize_app_keys(struct mesh_node *node, uint16_t net_idx) node_path = node_get_storage_dir(node); - if (strlen(node_path) + strlen(app_key_dir) + 1 >= PATH_MAX) + ret = snprintf(key_dir, PATH_MAX, "%s%s", node_path, app_key_dir); + if (ret < 0) return false; - snprintf(key_dir, PATH_MAX, "%s%s", node_path, app_key_dir); dir = opendir(key_dir); if (!dir) { if (errno == ENOENT) @@ -197,7 +195,7 @@ bool keyring_put_remote_dev_key(struct mesh_node *node, uint16_t unicast, const char *node_path; char key_file[PATH_MAX]; bool result = true; - int fd, i; + int ret, fd, i; if (!IS_UNICAST_RANGE(unicast, count)) return false; @@ -207,17 +205,19 @@ bool keyring_put_remote_dev_key(struct mesh_node *node, uint16_t unicast, node_path = node_get_storage_dir(node); - if (strlen(node_path) + strlen(dev_key_dir) + 1 + 4 >= PATH_MAX) + ret = snprintf(key_file, PATH_MAX, "%s%s", node_path, dev_key_dir); + if (ret < 0) return false; - snprintf(key_file, PATH_MAX, "%s%s", node_path, dev_key_dir); - if (mkdir(key_file, 0755) != 0 && errno != EEXIST) l_error("Failed to create dir(%d): %s", errno, key_file); for (i = 0; i < count; i++) { - snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, + ret = snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, dev_key_dir, unicast + i); + if (ret < 0) + return false; + l_debug("Put Dev Key %s", key_file); fd = open(key_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); @@ -272,7 +272,7 @@ bool keyring_get_remote_dev_key(struct mesh_node *node, uint16_t unicast, const char *node_path; char key_file[PATH_MAX]; bool result = false; - int fd; + int ret, fd; if (!IS_UNICAST(unicast)) return false; @@ -282,8 +282,11 @@ bool keyring_get_remote_dev_key(struct mesh_node *node, uint16_t unicast, node_path = node_get_storage_dir(node); - snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, dev_key_dir, + ret = snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, dev_key_dir, unicast); + if (ret < 0) + return false; + fd = open(key_file, O_RDONLY); if (fd >= 0) { if (read(fd, dev_key, 16) == 16) @@ -299,13 +302,17 @@ bool keyring_del_net_key(struct mesh_node *node, uint16_t net_idx) { const char *node_path; char key_file[PATH_MAX]; + int ret; if (!node) return false; node_path = node_get_storage_dir(node); - snprintf(key_file, PATH_MAX, "%s%s/%3.3x", node_path, net_key_dir, + ret = snprintf(key_file, PATH_MAX, "%s%s/%3.3x", node_path, net_key_dir, net_idx); + if (ret < 0) + return false; + l_debug("RM Net Key %s", key_file); remove(key_file); @@ -319,13 +326,17 @@ bool keyring_del_app_key(struct mesh_node *node, uint16_t app_idx) { const char *node_path; char key_file[PATH_MAX]; + int ret; if (!node) return false; node_path = node_get_storage_dir(node); - snprintf(key_file, PATH_MAX, "%s%s/%3.3x", node_path, app_key_dir, + ret = snprintf(key_file, PATH_MAX, "%s%s/%3.3x", node_path, app_key_dir, app_idx); + if (ret < 0) + return false; + l_debug("RM App Key %s", key_file); remove(key_file); @@ -337,7 +348,7 @@ bool keyring_del_remote_dev_key(struct mesh_node *node, uint16_t unicast, { const char *node_path; char key_file[PATH_MAX]; - int i; + int ret, i; if (!IS_UNICAST_RANGE(unicast, count)) return false; @@ -348,8 +359,11 @@ bool keyring_del_remote_dev_key(struct mesh_node *node, uint16_t unicast, node_path = node_get_storage_dir(node); for (i = 0; i < count; i++) { - snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, + ret = snprintf(key_file, PATH_MAX, "%s%s/%4.4x", node_path, dev_key_dir, unicast + i); + if (ret < 0) + return false; + l_debug("RM Dev Key %s", key_file); remove(key_file); } @@ -361,18 +375,16 @@ static DIR *open_key_dir(const char *node_path, const char *key_dir_name) { char dir_path[PATH_MAX]; DIR *key_dir; + int ret; - if (strlen(node_path) + strlen(key_dir_name) + 1 >= PATH_MAX) + ret = snprintf(dir_path, PATH_MAX, "%s%s", node_path, key_dir_name); + if (ret < 0) return NULL; - snprintf(dir_path, PATH_MAX, "%s%s", node_path, key_dir_name); - key_dir = opendir(dir_path); - if (!key_dir) { + if (!key_dir) l_error("Failed to open keyring storage directory: %s", dir_path); - return NULL; - } return key_dir; } -- 2.35.3