Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf

From: Kees Cook
Date: Mon May 23 2022 - 15:43:54 EST

Next message: Rafael J. Wysocki: "[GIT PULL] Thermal control updates for v5.19-rc1"
Previous message: Kees Cook: "Re: [PATCH v2] sysctl: handle table->maxlen properly for proc_dobool"
In reply to: Christoph Hellwig: "Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, May 21, 2022 at 11:07:52PM -0700, Christoph Hellwig wrote:
> On Fri, May 20, 2022 at 02:06:56PM +0530, Maninder Singh wrote:
> > kallsyms functionality depends on KSYM_NAME_LEN directly.
> > but if user passed array length lesser than it, sprintf
> > can cause issues of buffer overflow attack.
> >
> > So changing *sprint* and *lookup* APIs in this patch set
> > to have buffer size as an argument and replacing sprintf with
> > scnprintf.
>
> This is still a pretty horrible API. Passing something like
> a struct seq_buf seems like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.

Yeah, I agree. It really seems like seq_buf would be nicer.

--
Kees Cook

Next message: Rafael J. Wysocki: "[GIT PULL] Thermal control updates for v5.19-rc1"
Previous message: Kees Cook: "Re: [PATCH v2] sysctl: handle table->maxlen properly for proc_dobool"
In reply to: Christoph Hellwig: "Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]