From: linux at dominikbrodowski.net (Dominik Brodowski)
Subject: [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage
Date: Sun, 11 Feb 2018 21:59:24 +0100 [thread overview]
Message-ID: <20180211205924.GA23210@light.dominikbrodowski.net> (raw)
In-Reply-To: <20180211182428.e7isprkt6hbuq3dk@gmail.com>
Suggested-by: Ingo Molnar <mingo at kernel.org>
CC: Andy Lutomirski <luto at kernel.org>
Signed-off-by: Dominik Brodowski <linux at dominikbrodowski.net>
---
> Yeah, probably - but still, this connection and the sscanf() guarantee is not
> obvious at first sight, so please improve this to derive from the same value
> (define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
> that this is safe because strlen(name) >= strlen(line).
Sounds reasonable. Patch (which applies on top of the five patches for
selftests/x86 I sent out earlier today) is attached.
Thanks,
Dominik
diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c
index 558c8207e7b9..7ade625f10ed 100644
--- a/tools/testing/selftests/x86/test_vdso.c
+++ b/tools/testing/selftests/x86/test_vdso.c
@@ -26,6 +26,9 @@
# endif
#endif
+/* max length of lines in /proc/self/maps - anything longer is skipped here */
+#define MAPS_LINE_LEN 128
+
int nerrs = 0;
typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
@@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void)
{
#ifdef __x86_64__
FILE *maps;
- char line[128];
+ char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */
return NULL;
- while (fgets(line, sizeof(line), maps)) {
+ while (fgets(line, MAPS_LINE_LEN, maps)) {
char r, x;
void *start, *end;
- char name[128];
+ char name[MAPS_LINE_LEN];
+
+ /* sscanf is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c
index 7a744fa7b786..ee92e4727f18 100644
--- a/tools/testing/selftests/x86/test_vsyscall.c
+++ b/tools/testing/selftests/x86/test_vsyscall.c
@@ -33,6 +33,9 @@
# endif
#endif
+/* max length of lines in /proc/self/maps - anything longer is skipped here */
+#define MAPS_LINE_LEN 128
+
static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
int flags)
{
@@ -98,7 +101,7 @@ static int init_vsys(void)
#ifdef __x86_64__
int nerrs = 0;
FILE *maps;
- char line[128];
+ char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
@@ -108,10 +111,12 @@ static int init_vsys(void)
return 0;
}
- while (fgets(line, sizeof(line), maps)) {
+ while (fgets(line, MAPS_LINE_LEN, maps)) {
char r, x;
void *start, *end;
- char name[128];
+ char name[MAPS_LINE_LEN];
+
+ /* sscanf is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: linux@dominikbrodowski.net (Dominik Brodowski)
Subject: [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage
Date: Sun, 11 Feb 2018 21:59:24 +0100 [thread overview]
Message-ID: <20180211205924.GA23210@light.dominikbrodowski.net> (raw)
Message-ID: <20180211205924._GWkVLtMs5VzuiOKEjnEvKdm-qIbzhpvdcJD6LQgvHw@z> (raw)
In-Reply-To: <20180211182428.e7isprkt6hbuq3dk@gmail.com>
Suggested-by: Ingo Molnar <mingo at kernel.org>
CC: Andy Lutomirski <luto at kernel.org>
Signed-off-by: Dominik Brodowski <linux at dominikbrodowski.net>
---
> Yeah, probably - but still, this connection and the sscanf() guarantee is not
> obvious at first sight, so please improve this to derive from the same value
> (define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
> that this is safe because strlen(name) >= strlen(line).
Sounds reasonable. Patch (which applies on top of the five patches for
selftests/x86 I sent out earlier today) is attached.
Thanks,
Dominik
diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c
index 558c8207e7b9..7ade625f10ed 100644
--- a/tools/testing/selftests/x86/test_vdso.c
+++ b/tools/testing/selftests/x86/test_vdso.c
@@ -26,6 +26,9 @@
# endif
#endif
+/* max length of lines in /proc/self/maps - anything longer is skipped here */
+#define MAPS_LINE_LEN 128
+
int nerrs = 0;
typedef long (*getcpu_t)(unsigned *, unsigned *, void *);
@@ -37,17 +40,19 @@ static void *vsyscall_getcpu(void)
{
#ifdef __x86_64__
FILE *maps;
- char line[128];
+ char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
if (!maps) /* might still be present, but ignore it here, as we test vDSO not vsyscall */
return NULL;
- while (fgets(line, sizeof(line), maps)) {
+ while (fgets(line, MAPS_LINE_LEN, maps)) {
char r, x;
void *start, *end;
- char name[128];
+ char name[MAPS_LINE_LEN];
+
+ /* sscanf is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c
index 7a744fa7b786..ee92e4727f18 100644
--- a/tools/testing/selftests/x86/test_vsyscall.c
+++ b/tools/testing/selftests/x86/test_vsyscall.c
@@ -33,6 +33,9 @@
# endif
#endif
+/* max length of lines in /proc/self/maps - anything longer is skipped here */
+#define MAPS_LINE_LEN 128
+
static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
int flags)
{
@@ -98,7 +101,7 @@ static int init_vsys(void)
#ifdef __x86_64__
int nerrs = 0;
FILE *maps;
- char line[128];
+ char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
@@ -108,10 +111,12 @@ static int init_vsys(void)
return 0;
}
- while (fgets(line, sizeof(line), maps)) {
+ while (fgets(line, MAPS_LINE_LEN, maps)) {
char r, x;
void *start, *end;
- char name[128];
+ char name[MAPS_LINE_LEN];
+
+ /* sscanf is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-02-11 20:59 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-11 11:10 [Linux-kselftest-mirror] [PATCH 0/5] selftests/x86: fixes for !CONFIG_IA32_EMULATION and vsyscall=none linux
2018-02-11 11:10 ` Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 1/5] selftests/x86: 5lvl test has been moved linux
2018-02-11 11:10 ` Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none linux
2018-02-11 11:10 ` Dominik Brodowski
2018-02-11 11:21 ` mingo
2018-02-11 11:21 ` Ingo Molnar
2018-02-11 12:17 ` linux
2018-02-11 12:17 ` Dominik Brodowski
2018-02-11 13:00 ` linux
2018-02-11 13:00 ` Dominik Brodowski
2018-02-11 18:24 ` mingo
2018-02-11 18:24 ` Ingo Molnar
2018-02-11 20:59 ` linux [this message]
2018-02-11 20:59 ` [Linux-kselftest-mirror] [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage Dominik Brodowski
2018-02-12 17:58 ` shuah
2018-02-12 17:58 ` Shuah Khan
2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 3/5] selftests/x86: do not rely on int $0x80 in test_mremap_vdso.c linux
2018-02-11 11:10 ` Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 4/5] selftests/x86: do not rely on int $0x80 in single_step_syscall.c linux
2018-02-11 11:10 ` Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] [PATCH 5/5] selftests/x86: disable tests requiring 32bit support on pure 64bit systems linux
2018-02-11 11:10 ` Dominik Brodowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180211205924.GA23210@light.dominikbrodowski.net \
--to=linux-kselftest@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).