From: Kees Cook <keescook@chromium•org>
To: Christoph Hellwig <hch@infradead•org>
Cc: peterz@infradead•org, linux@rasmusvillemoes•dk,
linux-kernel@vger•kernel.org, paulus@samba•org,
linux-hexagon@vger•kernel.org, agordeev@linux•ibm.com,
will@kernel•org, linux-s390@vger•kernel.org,
daniel.thompson@linaro•org, arnd@arndb•de,
linux-scsi@vger•kernel.org, onkarnath.1@samsung•com,
anil.s.keshavamurthy@intel•com, kartilak@cisco•com,
kgdb-bugreport@lists•sourceforge.net, naveen.n.rao@linux•ibm.com,
longman@redhat•com, borntraeger@linux•ibm.com,
jejb@linux•ibm.com, mhiramat@kernel•org, v.narang@samsung•com,
pmladek@suse•com, satishkh@cisco•com, boqun.feng@gmail•com,
gor@linux•ibm.com, hca@linux•ibm.com, rostedt@goodmis•org,
linux-fsdevel@vger•kernel.org, andriy.shevchenko@linux•intel.com,
mingo@redhat•com, bcain@quicinc•com, martin.petersen@oracle•com,
dianders@chromium•org, sebaddel@cisco•com,
senozhatsky@chromium•org, mcgrof@kernel•org, svens@linux•ibm.com,
jason.wessel@windriver•com,
Maninder Singh <maninder1.s@samsung•com>,
akpm@linux-foundation•org, linuxppc-dev@lists•ozlabs.org,
davem@davemloft•net, linux-modules@vger•kernel.org
Subject: Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf
Date: Mon, 23 May 2022 12:39:12 -0700
Message-ID: <202205231238.FAF6D28@keescook>
In-Reply-To: <YonTOL4zC4CytVrn@infradead.org>

On Sat, May 21, 2022 at 11:07:52PM -0700, Christoph Hellwig wrote:
> On Fri, May 20, 2022 at 02:06:56PM +0530, Maninder Singh wrote:
> > kallsyms functionality depends on KSYM_NAME_LEN directly,
> > but if the user passes an array length smaller than it, sprintf
> > can cause issues such as a buffer overflow attack.
> >
> > So changing *sprint* and *lookup* APIs in this patch set
> > to have buffer size as an argument and replacing sprintf with
> > scnprintf.
>
> This is still a pretty horrible API. Passing something like
> a struct seq_buf seems like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> passing them as a structure while you're at it.

Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
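
The two API shapes debated in this thread, side by side, as an added userspace C example (not code from the patch set or from the kernel): a formatter that takes (buf, size) and returns scnprintf-style counts, and one that takes a seq_buf-like cursor. Every demo_* name, the struct layout, and the sample symbol and module strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>

/* scnprintf() semantics: turn snprintf()'s "wanted" count into bytes stored. */
static size_t demo_stored(int n, size_t size)
{
	return (n < 0 || size == 0) ? 0 : ((size_t)n < size ? (size_t)n : size - 1);
}

/* (buf, size) style: the caller recomputes buf + len, size - len per append. */
static int demo_sprint_sized(char *buf, size_t size, const char *name,
			     unsigned long off, const char *mod)
{
	size_t len = demo_stored(snprintf(buf, size, "%s+%#lx", name, off), size);
	if (mod)
		len += demo_stored(snprintf(buf + len, size - len, " [%s]", mod), size - len);
	return (int)len;	/* truncation is silent */
}

/* Hypothetical seq_buf-like cursor, not the kernel's struct seq_buf. */
struct demo_seq_buf { char *buffer; size_t size, len; int overflowed; };

static void demo_seq_buf_printf(struct demo_seq_buf *s, const char *fmt, ...)
{
	size_t room = s->size - s->len;
	va_list ap;
	int n;
	if (s->overflowed || room == 0) {
		s->overflowed = 1;	/* sticky: later appends are dropped */
		return;
	}
	va_start(ap, fmt);
	n = vsnprintf(s->buffer + s->len, room, fmt, ap);
	va_end(ap);
	s->overflowed = n < 0 || (size_t)n >= room;
	s->len += demo_stored(n, room);
	s->buffer[s->len] = '\0';
}

static int demo_sprint_seq(struct demo_seq_buf *s, const char *name,
			   unsigned long off, const char *mod)
{
	demo_seq_buf_printf(s, "%s+%#lx", name, off);
	if (mod)
		demo_seq_buf_printf(s, " [%s]", mod);
	return s->overflowed ? -1 : (int)s->len;
}
```

With an 8-byte destination both variants stay in bounds, but only the cursor variant reports that the output was cut; the sized variant returns 7 as if formatting had succeeded.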
Thread overview: 11+ messages
2022-05-20 8:36 ` [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf Maninder Singh
2022-05-20 8:36 ` [PATCH 1/5] kallsyms: pass buffer size in sprint_* APIs Maninder Singh
2022-05-20 19:52 ` Waiman Long
2022-05-22 9:43 ` Andy Shevchenko
2022-05-20 8:36 ` [PATCH 2/5] kallsyms: replace sprintf with scnprintf Maninder Singh
2022-05-20 8:36 ` [PATCH 3/5] arch:hexagon/powerpc: use KSYM_NAME_LEN as array size Maninder Singh
2022-05-20 8:37 ` [PATCH 4/5] kallsyms: pass buffer size argument in *lookup* APIs Maninder Singh
2022-05-20 8:37 ` [PATCH 5/5] kallsyms: remove unsed API lookup_symbol_attrs Maninder Singh
2022-05-22 6:07 ` [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf Christoph Hellwig
2022-05-23 19:39 ` Kees Cook [this message]
2022-06-15 8:01 ` Petr Mladek