From: Ingo Molnar <mingo@kernel.org>
To: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
x86@kernel.org, shuah@kernel.org,
Andrew Lutomirski <luto@kernel.org>
Subject: Re: [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none
Date: Sun, 11 Feb 2018 19:24:28 +0100 [thread overview]
Message-ID: <20180211182428.e7isprkt6hbuq3dk@gmail.com> (raw)
In-Reply-To: <20180211130029.GA23754@light.dominikbrodowski.net>
* Dominik Brodowski <linux@dominikbrodowski.net> wrote:
> On Sun, Feb 11, 2018 at 01:17:14PM +0100, Dominik Brodowski wrote:
> > On Sun, Feb 11, 2018 at 12:21:53PM +0100, Ingo Molnar wrote:
> > >
> > > * Dominik Brodowski <linux@dominikbrodowski.net> wrote:
> > >
> > > > + char name[128];
> > > > + if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
> > > > + &start, &end, &r, &x, name) != 5)
> > >
> > > So that's a buffer overflow waiting to happen, if a line in 'maps' gets too large,
> > > right?
> >
> > ... as does tools/testing/selftests/x86/test_vsyscall.c already now, right?
> > Will fix both up with an additional patch.
>
> Maybe no fix is needed after all: The fgets() call a few lines above
> limits "line" to 127 chars max. So "name" can't even get close to 128
> chars, right?
>
> char line[128];
> ...
> while (fgets(line, sizeof(line), maps)) {
Yeah, probably - but still, this connection and the sscanf() guarantee is not
obvious at first sight, so please improve this to derive from the same value
(define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
that this is safe because strlen(name) >= strlen(line).
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: mingo at kernel.org (Ingo Molnar)
Subject: [Linux-kselftest-mirror] [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none
Date: Sun, 11 Feb 2018 19:24:28 +0100 [thread overview]
Message-ID: <20180211182428.e7isprkt6hbuq3dk@gmail.com> (raw)
In-Reply-To: <20180211130029.GA23754@light.dominikbrodowski.net>
* Dominik Brodowski <linux at dominikbrodowski.net> wrote:
> On Sun, Feb 11, 2018 at 01:17:14PM +0100, Dominik Brodowski wrote:
> > On Sun, Feb 11, 2018 at 12:21:53PM +0100, Ingo Molnar wrote:
> > >
> > > * Dominik Brodowski <linux at dominikbrodowski.net> wrote:
> > >
> > > > + char name[128];
> > > > + if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
> > > > + &start, &end, &r, &x, name) != 5)
> > >
> > > So that's a buffer overflow waiting to happen, if a line in 'maps' gets too large,
> > > right?
> >
> > ... as does tools/testing/selftests/x86/test_vsyscall.c already now, right?
> > Will fix both up with an additional patch.
>
> Maybe no fix is needed after all: The fgets() call a few lines above
> limits "line" to 127 chars max. So "name" can't even get close to 128
> chars, right?
>
> char line[128];
> ...
> while (fgets(line, sizeof(line), maps)) {
Yeah, probably - but still, this connection and the sscanf() guarantee is not
obvious at first sight, so please improve this to derive from the same value
(define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
that this is safe because strlen(name) >= strlen(line).
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: mingo@kernel.org (Ingo Molnar)
Subject: [Linux-kselftest-mirror] [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none
Date: Sun, 11 Feb 2018 19:24:28 +0100 [thread overview]
Message-ID: <20180211182428.e7isprkt6hbuq3dk@gmail.com> (raw)
Message-ID: <20180211182428.BkYETHx7HU4p7Wwb1y3giq2u9gp6L180ECto4NEYgqI@z> (raw)
In-Reply-To: <20180211130029.GA23754@light.dominikbrodowski.net>
* Dominik Brodowski <linux@dominikbrodowski.net> wrote:
> On Sun, Feb 11, 2018@01:17:14PM +0100, Dominik Brodowski wrote:
> > On Sun, Feb 11, 2018@12:21:53PM +0100, Ingo Molnar wrote:
> > >
> > > * Dominik Brodowski <linux@dominikbrodowski.net> wrote:
> > >
> > > > + char name[128];
> > > > + if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
> > > > + &start, &end, &r, &x, name) != 5)
> > >
> > > So that's a buffer overflow waiting to happen, if a line in 'maps' gets too large,
> > > right?
> >
> > ... as does tools/testing/selftests/x86/test_vsyscall.c already now, right?
> > Will fix both up with an additional patch.
>
> Maybe no fix is needed after all: The fgets() call a few lines above
> limits "line" to 127 chars max. So "name" can't even get close to 128
> chars, right?
>
> char line[128];
> ...
> while (fgets(line, sizeof(line), maps)) {
Yeah, probably - but still, this connection and the sscanf() guarantee is not
obvious at first sight, so please improve this to derive from the same value
(define a LINE_MAX size or such), plus maybe add a comment to the sscanf() line
that this is safe because strlen(name) >= strlen(line).
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-02-11 18:24 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-11 11:10 [PATCH 0/5] selftests/x86: fixes for !CONFIG_IA32_EMULATION and vsyscall=none Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 11:10 ` [PATCH 1/5] selftests/x86: 5lvl test has been moved Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 12:13 ` [tip:x86/urgent] selftests/x86: Fix build bug caused by the 5lvl test which has been moved to the VM directory tip-bot for Dominik Brodowski
2018-02-13 9:05 ` [tip:x86/pti] " tip-bot for Dominik Brodowski
2018-02-11 11:10 ` [PATCH 2/5] selftests/x86: fix vDSO selftest segfault for vsyscall=none Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 11:21 ` Ingo Molnar
2018-02-11 11:21 ` [Linux-kselftest-mirror] " Ingo Molnar
2018-02-11 11:21 ` mingo
2018-02-11 12:17 ` Dominik Brodowski
2018-02-11 12:17 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 12:17 ` linux
2018-02-11 13:00 ` Dominik Brodowski
2018-02-11 13:00 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 13:00 ` linux
2018-02-11 18:24 ` Ingo Molnar [this message]
2018-02-11 18:24 ` Ingo Molnar
2018-02-11 18:24 ` mingo
2018-02-11 20:59 ` [PATCH] selftests/x86: clarify that there is no buffer overflow on sscanf usage Dominik Brodowski
2018-02-11 20:59 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 20:59 ` linux
2018-02-12 17:58 ` Shuah Khan
2018-02-12 17:58 ` [Linux-kselftest-mirror] " Shuah Khan
2018-02-12 17:58 ` shuah
2018-02-13 9:04 ` [tip:x86/pti] selftests/x86: Clean up and document sscanf() usage tip-bot for Dominik Brodowski
2018-02-13 9:04 ` [tip:x86/pti] selftests/x86: Fix vDSO selftest segfault for vsyscall=none tip-bot for Dominik Brodowski
2018-02-11 11:10 ` [PATCH 3/5] selftests/x86: do not rely on int $0x80 in test_mremap_vdso.c Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 12:13 ` [tip:x86/urgent] selftests/x86: Do not rely on "int $0x80" " tip-bot for Dominik Brodowski
2018-02-13 9:06 ` [tip:x86/pti] " tip-bot for Dominik Brodowski
2018-02-11 11:10 ` [PATCH 4/5] selftests/x86: do not rely on int $0x80 in single_step_syscall.c Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 12:14 ` [tip:x86/urgent] selftests/x86: Do not rely on "int $0x80" " tip-bot for Dominik Brodowski
2018-02-13 9:06 ` [tip:x86/pti] " tip-bot for Ingo Molnar
2018-02-15 0:25 ` tip-bot for Dominik Brodowski
2018-02-11 11:10 ` [PATCH 5/5] selftests/x86: disable tests requiring 32bit support on pure 64bit systems Dominik Brodowski
2018-02-11 11:10 ` [Linux-kselftest-mirror] " Dominik Brodowski
2018-02-11 11:10 ` linux
2018-02-11 12:14 ` [tip:x86/urgent] selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems tip-bot for Dominik Brodowski
2018-02-13 9:07 ` [tip:x86/pti] " tip-bot for Ingo Molnar
2018-02-15 0:25 ` tip-bot for Dominik Brodowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180211182428.e7isprkt6hbuq3dk@gmail.com \
--to=mingo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=luto@kernel.org \
--cc=shuah@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.