From: linux at dominikbrodowski.net (Dominik Brodowski) Subject: [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage Date: Sun, 11 Feb 2018 21:59:24 +0100 [thread overview] Message-ID: <20180211205924.GA23210@light.dominikbrodowski.net> (raw) In-Reply-To: <20180211182428.e7isprkt6hbuq3dk@gmail.com> Suggested-by: Ingo Molnar <mingo at kernel.org> CC: Andy Lutomirski <luto at kernel.org> Signed-off-by: Dominik Brodowski <linux at dominikbrodowski.net> --- > Yeah, probably - but still, this connection and the sscanf() guarantee is not > obvious at first sight, so please improve this to derive from the same value > (define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line > that this is safe because strlen(name) >= strlen(line). Sounds reasonable. Patch (which applies on top of the five patches for selftests/x86 I sent out earlier today) is attached. Thanks, Dominik diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c index 558c8207e7b9..7ade625f10ed 100644 --- a/tools/testing/selftests/x86/test_vdso.c +++ b/tools/testing/selftests/x86/test_vdso.c @@ -26,6 +26,9 @@ # endif #endif +/* max length of lines in /proc/self/maps - anything longer is skipped here */ +#define MAPS_LINE_LEN 128 + int nerrs = 0; typedef long (*getcpu_t)(unsigned *, unsigned *, void *); @@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void) { #ifdef __x86_64__ FILE *maps; - char line[128]; + char line[MAPS_LINE_LEN]; bool found = false; maps = fopen("/proc/self/maps", "r"); if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */ return NULL; - while (fgets(line, sizeof(line), maps)) { + while (fgets(line, MAPS_LINE_LEN, maps)) { char r, x; void *start, *end; - char name[128]; + char name[MAPS_LINE_LEN]; + + /* sscanf is safe here as strlen(name) >= strlen(line) */ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", &start, &end, &r, &x, name) != 5) continue; diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c index 7a744fa7b786..ee92e4727f18 100644 --- a/tools/testing/selftests/x86/test_vsyscall.c +++ b/tools/testing/selftests/x86/test_vsyscall.c @@ -33,6 +33,9 @@ # endif #endif +/* max length of lines in /proc/self/maps - anything longer is skipped here */ +#define MAPS_LINE_LEN 128 + static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), int flags) { @@ -98,7 +101,7 @@ static int init_vsys(void) #ifdef __x86_64__ int nerrs = 0; FILE *maps; - char line[128]; + char line[MAPS_LINE_LEN]; bool found = false; maps = fopen("/proc/self/maps", "r"); @@ -108,10 +111,12 @@ static int init_vsys(void) return 0; } - while (fgets(line, sizeof(line), maps)) { + while (fgets(line, MAPS_LINE_LEN, maps)) { char r, x; void *start, *end; - char name[128]; + char name[MAPS_LINE_LEN]; + + /* sscanf is safe here as strlen(name) >= strlen(line) */ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", &start, &end, &r, &x, name) != 5) continue; -- To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: linux@dominikbrodowski.net (Dominik Brodowski) Subject: [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage Date: Sun, 11 Feb 2018 21:59:24 +0100 [thread overview] Message-ID: <20180211205924.GA23210@light.dominikbrodowski.net> (raw) Message-ID: <20180211205924._GWkVLtMs5VzuiOKEjnEvKdm-qIbzhpvdcJD6LQgvHw@z> (raw) In-Reply-To: <20180211182428.e7isprkt6hbuq3dk@gmail.com> Suggested-by: Ingo Molnar <mingo at kernel.org> CC: Andy Lutomirski <luto at kernel.org> Signed-off-by: Dominik Brodowski <linux at dominikbrodowski.net> --- > Yeah, probably - but still, this connection and the sscanf() guarantee is not > obvious at first sight, so please improve this to derive from the same value > (define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line > that this is safe because strlen(name) >= strlen(line). Sounds reasonable. Patch (which applies on top of the five patches for selftests/x86 I sent out earlier today) is attached. Thanks, Dominik diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c index 558c8207e7b9..7ade625f10ed 100644 --- a/tools/testing/selftests/x86/test_vdso.c +++ b/tools/testing/selftests/x86/test_vdso.c @@ -26,6 +26,9 @@ # endif #endif +/* max length of lines in /proc/self/maps - anything longer is skipped here */ +#define MAPS_LINE_LEN 128 + int nerrs = 0; typedef long (*getcpu_t)(unsigned *, unsigned *, void *); @@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void) { #ifdef __x86_64__ FILE *maps; - char line[128]; + char line[MAPS_LINE_LEN]; bool found = false; maps = fopen("/proc/self/maps", "r"); if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */ return NULL; - while (fgets(line, sizeof(line), maps)) { + while (fgets(line, MAPS_LINE_LEN, maps)) { char r, x; void *start, *end; - char name[128]; + char name[MAPS_LINE_LEN]; + + /* sscanf is safe here as strlen(name) >= strlen(line) */ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", &start, &end, &r, &x, name) != 5) continue; diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c index 7a744fa7b786..ee92e4727f18 100644 --- a/tools/testing/selftests/x86/test_vsyscall.c +++ b/tools/testing/selftests/x86/test_vsyscall.c @@ -33,6 +33,9 @@ # endif #endif +/* max length of lines in /proc/self/maps - anything longer is skipped here */ +#define MAPS_LINE_LEN 128 + static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), int flags) { @@ -98,7 +101,7 @@ static int init_vsys(void) #ifdef __x86_64__ int nerrs = 0; FILE *maps; - char line[128]; + char line[MAPS_LINE_LEN]; bool found = false; maps = fopen("/proc/self/maps", "r"); @@ -108,10 +111,12 @@ static int init_vsys(void) return 0; } - while (fgets(line, sizeof(line), maps)) { + while (fgets(line, MAPS_LINE_LEN, maps)) { char r, x; void *start, *end; - char name[128]; + char name[MAPS_LINE_LEN]; + + /* sscanf is safe here as strlen(name) >= strlen(line) */ if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s", &start, &end, &r, &x, name) != 5) continue; -- To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-02-11 20:59 UTC|newest] Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-02-11 11:10 [Linux-kselftest-mirror] [PATCH 0/5] selftests/x86: fixes for !CONFIG_IA32_EMULATION and vsyscall=none linux 2018-02-11 11:10 ` Dominik Brodowski 2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 1/5] selftests/x86: 5lvl test has been moved linux 2018-02-11 11:10 ` Dominik Brodowski 2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none linux 2018-02-11 11:10 ` Dominik Brodowski 2018-02-11 11:21 ` mingo 2018-02-11 11:21 ` Ingo Molnar 2018-02-11 12:17 ` linux 2018-02-11 12:17 ` Dominik Brodowski 2018-02-11 13:00 ` linux 2018-02-11 13:00 ` Dominik Brodowski 2018-02-11 18:24 ` mingo 2018-02-11 18:24 ` Ingo Molnar 2018-02-11 20:59 ` linux [this message] 2018-02-11 20:59 ` [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage Dominik Brodowski 2018-02-12 17:58 ` shuah 2018-02-12 17:58 ` Shuah Khan 2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 3/5] selftests/x86: do not rely on int $0x80 in test_mremap_vdso.c linux 2018-02-11 11:10 ` Dominik Brodowski 2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 4/5] selftests/x86: do not rely on int $0x80 in single_step_syscall.c linux 2018-02-11 11:10 ` Dominik Brodowski 2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 5/5] selftests/x86: disable tests requiring 32bit support on pure 64bit systems linux 2018-02-11 11:10 ` Dominik Brodowski
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180211205924.GA23210@light.dominikbrodowski.net \ --to=linux-kselftest@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).