Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant

From: Kees Cook
Date: Sat Feb 10 2024 - 02:18:40 EST

Next message: Kees Cook: "Re: [PATCH v2] x86/tdx: replace deprecated strncpy with strtomem_pad"
Previous message: Kees Cook: "Re: [PATCH 10/10] scsi: arcmsr: Remove snprintf() from sysfs call-backs and replace with sysfs_emit()"
In reply to: James Bottomley: "Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant"
Next in thread: Lee Jones: "[PATCH 04/10] scsi: aacraid: linit: Remove snprintf() from sysfs call-backs and replace with sysfs_emit()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 08, 2024 at 08:44:15AM +0000, Lee Jones wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <lee@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH v2] x86/tdx: replace deprecated strncpy with strtomem_pad"
Previous message: Kees Cook: "Re: [PATCH 10/10] scsi: arcmsr: Remove snprintf() from sysfs call-backs and replace with sysfs_emit()"
In reply to: James Bottomley: "Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant"
Next in thread: Lee Jones: "[PATCH 04/10] scsi: aacraid: linit: Remove snprintf() from sysfs call-backs and replace with sysfs_emit()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]