RE: [PATCH] netfilter: fix stringop-overflow warning with UBSAN

From: Jozsef Kadlecsik
Date: Wed Oct 04 2017 - 14:10:11 EST

Next message: Steven Rostedt: "Re: [PATCH v3 25/33] tracing: Allow whitespace to surround hist trigger filter"
Previous message: Yang Shi: "Re: [PATCH 3/3] mm: oom: show unreclaimable slab info when unreclaimable slabs > user memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

[Sorry, at holiday I just cursory watched the mailing lists.]

On Tue, 1 Aug 2017, David Laight wrote:

> From: Arnd Bergmann
> > Sent: 31 July 2017 11:09
> > Using gcc-7 with UBSAN enabled, we get this false-positive warning:
> >
> > net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get':
> > net/netfilter/ipset/ip_set_core.c:1998:3: error: 'strncpy' writing 32 bytes into a region of size 2
> > overflows the destination [-Werror=stringop-overflow=]
> > strncpy(req_get->set.name, set ? set->name : "",
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > sizeof(req_get->set.name));
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > This seems completely bogus, and I could not find a nice workaround.
> > To work around it in a less elegant way, I change the ?: operator
> > into an if()/else() construct.
> >
> > Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> > ---
> > net/netfilter/ipset/ip_set_core.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
> > index e495b5e484b1..d7ebb021003b 100644
> > --- a/net/netfilter/ipset/ip_set_core.c
> > +++ b/net/netfilter/ipset/ip_set_core.c
> > @@ -1995,8 +1995,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
> > }
> > nfnl_lock(NFNL_SUBSYS_IPSET);
> > set = ip_set(inst, req_get->set.index);
> > - strncpy(req_get->set.name, ,
> > - IPSET_MAXNAMELEN);
> > + if (set)
> > + strncpy(req_get->set.name, set->name,
> > + sizeof(req_get->set.name));
> > + else
> > + memset(req_get->set.name, '\0',
> > + sizeof(req_get->set.name));
>
> If you use strncpy() here, the compiler might optimise the code
> back to 'how it was before'.
>
> Or, maybe an explicit temporary: 'const char *name = set ? set->name : "";

I think the best to go with the explicit temporary variable. The if-else
construct is too much for such a case.

Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary

Next message: Steven Rostedt: "Re: [PATCH v3 25/33] tracing: Allow whitespace to surround hist trigger filter"
Previous message: Yang Shi: "Re: [PATCH 3/3] mm: oom: show unreclaimable slab info when unreclaimable slabs > user memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]