All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Chen Gang <gang.chen-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>
Cc: Shirish Pargaonkar
	<shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Steve French <sfrench-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>,
	linux-cifs <linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	samba-technical
	<samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org>
Subject: Re: [PATCH] cifs: extend the buffer length enought for sprintf() using
Date: Wed, 17 Jul 2013 21:25:59 -0400	[thread overview]
Message-ID: <20130717212559.71b7af06@corrin.poochiereds.net> (raw)
In-Reply-To: <51E73F1E.4010804-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>

On Thu, 18 Jul 2013 09:04:30 +0800
Chen Gang <gang.chen-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org> wrote:

> On 07/17/2013 07:24 PM, Jeff Layton wrote:
> > On Tue, 16 Jul 2013 22:47:35 -0500
> > Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > 
> >> nitpicking...
> >>
> >> Should it be MAX_CIFS_DOMAINNAME instead of MAX_CIF_DOMAINNAME,
> >> unless CIF is short for something here?
> >>
> >> Regards,
> >>
> >> Shirish
> >>
> > 
> > Even better...
> > 
> > We already have a MAX_USERNAME_SIZE. Maybe call it MAX_DOMAINNAME_SIZE
> > for parity with that? Might also want to relocate the #define next to
> > that one since it would be helpful to have all of those lengths grouped
> > in the same place.
> > 
> 
> It sounds reasonable: use MAX_DOMAINNAME_SIZE instead of
> MAX_CIFS_DOMAINNAME.
> 
> 
> >> On Tue, Jul 16, 2013 at 7:48 PM, Chen Gang <gang.chen-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org> wrote:
> >>> For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
> >>> is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName'
> >>> length may be "255 + '\0'".
> >>>
> >>> The related sprintf() may cause memory overflow, so need extend related
> >>> buffer enough to hold all things.
> >>>
> > 
> > Good catch...
> > 
> > Maybe it would be good to go ahead and turn that sprintf() into a
> > snprintf() too?
> > 
> 
> Hmm... sprintf() declares to code readers, in current condition, we want
> to print all source information without any truncation.
> 
> So if we know the source max length precisely, we'd better to allocate
> the related buffer to print them all instead of use snprintf().
> 
> If we do not know the source max length precisely or we have to limit
> the destination length, we need use snprintf() to fit with destination
> max length (declare to the code readers, the source information may be
> truncated).
> 
> 

Fair enough. It was more of a suggestion for defensive coding. But
since we know the length of both buffers and that the source is NULL
terminated, then sprintf is fine.

Patch looks fine to me otherwise.

Acked-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

  parent reply	other threads:[~2013-07-18  1:25 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-17  0:48 [PATCH] cifs: extend the buffer length enought for sprintf() using Chen Gang
     [not found] ` <51E5E9DA.8020603-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>
2013-07-17  1:58   ` Scott Lovenberg
     [not found]     ` <CAFB9KM2nJEt-O+o=4bkxNMJ2Fr0TfjkpRF=7B98=Lp9zFu8_og-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-17  2:06       ` Steve French
     [not found]         ` <CAH2r5msQEbQWpE+wqEoLY_++=ywDVoAg_vmWB3kJG8=ECHC3Pg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-17  2:11           ` Chen Gang
2013-07-17 18:27           ` Scott Lovenberg
     [not found]             ` <CAFB9KM0rEDyE6hb8t-gDLTDKq9kaRr4Bhs7SLBEZTnyH5u5U-A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-18  1:08               ` Chen Gang
2013-07-18  6:47                 ` Scott Lovenberg
     [not found]                   ` <CAFB9KM2MbLuETpoN9wafZLq6B9StjtXnG15G16uGcOcnRM8+sA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-19  1:01                     ` [PATCH v2] " Chen Gang
     [not found]                       ` <51E88FF0.2010101-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>
2013-07-19 10:45                         ` Jeff Layton
     [not found]                           ` <20130719064531.2a9836f5-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2013-07-19 15:46                             ` Steve French
     [not found]                               ` <CAH2r5mvccBQRikYbbUppmbCO1naSOOMJ+wVWxQEQBxhDdmnP_w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-19 16:18                                 ` Steve French
2013-07-22  1:21                                 ` Chen Gang
     [not found]                                   ` <51EC890D.7010306-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>
2013-07-31  4:59                                     ` Steve French
     [not found]                                       ` <CAH2r5mvPC0jiSDh5qTgerEV3JnRwcPPkKvnbT1QCO0CGiVngjg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-31 15:55                                         ` Scott Lovenberg
2013-07-22  0:29                             ` Chen Gang
2013-07-17  2:07       ` [PATCH] " Chen Gang
2013-07-19 17:51       ` Jeff Layton
     [not found]         ` <20130719135115.2ebff0cd-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2013-07-19 19:32           ` Scott Lovenberg
     [not found]             ` <CAFB9KM1cP1rvnO66+9kz+zVhVOf+C-dAR7mVMx_uX9hT-ORLsw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-19 19:48               ` Jeff Layton
2013-07-17  3:47   ` Shirish Pargaonkar
     [not found]     ` <CADT32e+Ydg5N8uWyvCKee8n4iS34LcCFgE1nrC2S8bq7GnA-hg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-07-17  3:54       ` Steve French
2013-07-17  4:21       ` Chen Gang
2013-07-17 11:24       ` Jeff Layton
     [not found]         ` <20130717072431.5d8a22b3-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2013-07-18  1:04           ` Chen Gang
     [not found]             ` <51E73F1E.4010804-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org>
2013-07-18  1:25               ` Jeff Layton [this message]
     [not found]                 ` <20130717212559.71b7af06-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
2013-07-18  1:31                   ` Chen Gang
2013-10-06  0:49                   ` Chen Gang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130717212559.71b7af06@corrin.poochiereds.net \
    --to=jlayton-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
    --cc=gang.chen-bOixZGp5f+dBDgjK7y7TUQ@public.gmane.org \
    --cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org \
    --cc=sfrench-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
    --cc=shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.