On Thu, 08 Feb 2024, Petr Mladek wrote:
> On Tue 2024-01-30 15:53:36, Lee Jones wrote:
> > On Tue, 30 Jan 2024, Rasmus Villemoes wrote:
> > > On 30/01/2024 16.07, Lee Jones wrote:
> > > > On Mon, 29 Jan 2024, Lee Jones wrote:
> > > >> On Mon, 29 Jan 2024, David Laight wrote:
> > > snprintf()
On Tue 2024-01-30 15:53:36, Lee Jones wrote:
> On Tue, 30 Jan 2024, Rasmus Villemoes wrote:
> > On 30/01/2024 16.07, Lee Jones wrote:
> > > On Mon, 29 Jan 2024, Lee Jones wrote:
> > >> On Mon, 29 Jan 2024, David Laight wrote:
> > snprintf() does this and has been proven to cause
On Tue, 30 Jan 2024, Kees Cook wrote:
> On Tue, Jan 30, 2024 at 04:18:42PM +0100, Rasmus Villemoes wrote:
> > So here scnprint() would have returned 1, leaving size at 1. scnprintf()
> > has the invariant that, for non-zero size, the return value is strictly
> > less than that size, so when
On Tue, Jan 30, 2024 at 04:18:42PM +0100, Rasmus Villemoes wrote:
> So here scnprint() would have returned 1, leaving size at 1. scnprintf()
> has the invariant that, for non-zero size, the return value is strictly
> less than that size, so when passed a size of 1, all subsequent calls
> return 0
On Tue, 30 Jan 2024, Rasmus Villemoes wrote:
> On 30/01/2024 16.07, Lee Jones wrote:
> > On Mon, 29 Jan 2024, Lee Jones wrote:
> >
> >> On Mon, 29 Jan 2024, David Laight wrote:
> >>
> >>> ...
> > I'm sure that the safest return for 'truncated' is the buffer length.
> > The a series of
On 30/01/2024 16.07, Lee Jones wrote:
> On Mon, 29 Jan 2024, Lee Jones wrote:
>
>> On Mon, 29 Jan 2024, David Laight wrote:
>>
>>> ...
> I'm sure that the safest return for 'truncated' is the buffer length.
> The a series of statements like:
> buf += xxx(buf, buf_end - buf, .);
On Mon, 29 Jan 2024, Lee Jones wrote:
> On Mon, 29 Jan 2024, David Laight wrote:
>
> > ...
> > > > I'm sure that the safest return for 'truncated' is the buffer length.
> > > > The a series of statements like:
> > > > buf += xxx(buf, buf_end - buf, .);
> > > > can all be called with
On Mon, 29 Jan 2024, David Laight wrote:
> ...
> > > I'm sure that the safest return for 'truncated' is the buffer length.
> > > The a series of statements like:
> > > buf += xxx(buf, buf_end - buf, .);
> > > can all be called with a single overflow check at the end.
> > >
> > > Forget the
...
> > I'm sure that the safest return for 'truncated' is the buffer length.
> > The a series of statements like:
> > buf += xxx(buf, buf_end - buf, .);
> > can all be called with a single overflow check at the end.
> >
> > Forget the check, and the length just contains a trailing '\0'
>
Please discard - missing version identifier in the subject line.
New version here:
https://lore.kernel.org/r/20240129092952.1980246-1-...@kernel.org
--
Lee Jones [李琼斯]
There is an ongoing effort to replace the use of {v}snprintf() variants
with safer alternatives - for a more in depth view, see Jon's write-up
on LWN [0] and/or Alex's on the Kernel Self Protection Project [1].
Whist executing the task, it quickly became apparent that the initial
thought of
NB: I was _just_ about to send out v2 with Rasmus's suggestions before I
saw your reply. I'm going to submit it anyway and Cc both you and
Rasmus. If you still disagree with my suggested approach, we can either
continue discussion here or on the new version.
More below:
> From: Lee Jones
> >
From: Lee Jones
> Sent: 25 January 2024 10:36
> On Thu, 25 Jan 2024, Rasmus Villemoes wrote:
>
> > On 25/01/2024 09.39, Lee Jones wrote:
> > > There is an ongoing effort to replace the use of {v}snprintf() variants
> > > with safer alternatives - for a more in depth view, see Jon's write-up
> > >
On Thu, 25 Jan 2024, Rasmus Villemoes wrote:
> On 25/01/2024 09.39, Lee Jones wrote:
> > There is an ongoing effort to replace the use of {v}snprintf() variants
> > with safer alternatives - for a more in depth view, see Jon's write-up
> > on LWN [0] and/or Alex's on the Kernel Self Protection
On 25/01/2024 09.39, Lee Jones wrote:
> There is an ongoing effort to replace the use of {v}snprintf() variants
> with safer alternatives - for a more in depth view, see Jon's write-up
> on LWN [0] and/or Alex's on the Kernel Self Protection Project [1].
>
> Whist executing the task, it quickly
There is an ongoing effort to replace the use of {v}snprintf() variants
with safer alternatives - for a more in depth view, see Jon's write-up
on LWN [0] and/or Alex's on the Kernel Self Protection Project [1].
Whist executing the task, it quickly became apparent that the initial
thought of
16 matches
Mail list logo