Re: [PATCH 01/17] ckpt_write_err: use single format with %(T) style tokens


Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl@xxxxxxxxxxx):
>>
>> serue@xxxxxxxxxx wrote:
>>> From: Serge E. Hallyn <serue@xxxxxxxxxx>

[...]
>>> +	 */
>>> +	alloclen = 37 + 8 * strlen(fmt);
>> This calculation assumed that @fmt had only format string...
>> At the very minimum you could take strlen(fmt)/3 (+1 to round up)
> 
> Yeah, I didn't want to think about that in detail yet :)
> 
>> I thought you were going to use a @ctx->buffer or something ?
> 
> And I am, for my string.  We need one for the expanded fmt here,
> and then one to snprintf the final string into so we can write it
> out.
> 
> Shall I just add a @ctx->fmtbuf?

Sure.

> 
>>> +	format = kzalloc(alloclen, GFP_KERNEL);
>>> +	if (!format)
>>> +		return NULL;
>>> +
>>> +	for (; *fmt; fmt++) {
>>> +		BUG_ON(len > alloclen);
>>> +		if (*fmt != '%' || fmt[1] != '(' || fmt[3] != ')') {
>> This is still a bit risky .. how about adding
>> 	|| fmt[2] == '\0'
>> between the 2nd and 3rd test ?
> 
> Well I can do that, but since we provide the fmt strings and there is
> no risk for an information leak I didn't think it was worth making
> the line even longer.  But ok, I'll add it...

Well, if a developer gives a string like "hello %(", then you
will potentially go past the end of the string and eventually
crash (or worse).

Oren.
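As an added example that is not part of the thread or the patch: a user-space C rendering of the %(T) token scan, with the patch's test beside the bounds-checked form Oren asks for; the function names and the one-character token form are assumptions taken from the subject line.

```c
/* Added example, not code from the patch: the %(T) token scan with the
 * patch's test beside a bounds-checked one. A token is "%(" + 1 char + ")". */

/* Shape of the test in the patch: when p[2] is the terminating NUL, p[3]
 * is still read, one byte past the end of a string such as "hello %(". */
int naive_is_token(const char *p)
{
    return !(p[0] != '%' || p[1] != '(' || p[3] != ')');
}

/* Hardened form: each byte is tested for NUL before the next one is read,
 * so the scan never runs past the terminator. */
int is_token(const char *p)
{
    return p[0] == '%' && p[1] == '(' && p[2] != '\0' && p[3] == ')';
}

/* Counts complete %(T) tokens in fmt. Anything else, including a trailing
 * "%(" or a bare '%', is ordinary text, as in the patch. */
int count_tokens(const char *fmt)
{
    int n = 0;
    const char *p;
    for (p = fmt; *p; p++) {
        if (is_token(p)) {
            n++;
            p += 3; /* skip "(T)"; the loop's p++ then steps past ')' */
        }
    }
    return n;
}

/* Returns the token character of the idx-th (0-based) token, or '\0'. */
char token_at(const char *fmt, int idx)
{
    const char *p;
    for (p = fmt; *p; p++) {
        if (is_token(p)) {
            if (idx-- == 0)
                return p[2];
            p += 3;
        }
    }
    return '\0';
}

/* Constructed memory image of "%(" where a stale ')' happens to follow the
 * terminator: the naive test reports a token, the hardened one does not. */
const char stale_fmt[5] = { '%', '(', '\0', ')', '\0' };
```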

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
