Re: [PATCH] kconfig: use snprintf for formatting pathnames

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 11, 2019 at 4:28 AM Jacob Garber <jgarber1@xxxxxxxxxxx> wrote:
>
> Valid pathnames will never exceed PATH_MAX, but these file names
> are unsanitized and can cause buffer overflow if set incorrectly.
> Use snprintf to avoid this. This was flagged during a Coverity scan
> of the coreboot project, which also uses kconfig for its build system.
>
> Signed-off-by: Jacob Garber <jgarber1@xxxxxxxxxxx>
> ---
>  scripts/kconfig/confdata.c | 7 ++++---
>  scripts/kconfig/lexer.l    | 3 ++-
>  2 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
> index 08ba146a8..847fe428a 100644
> --- a/scripts/kconfig/confdata.c
> +++ b/scripts/kconfig/confdata.c
> @@ -194,7 +194,7 @@ char *conf_get_default_confname(void)
>         name = expand_string(conf_defname);
>         env = getenv(SRCTREE);
>         if (env) {
> -               sprintf(fullname, "%s/%s", env, name);
> +               snprintf(fullname, sizeof(fullname), "%s/%s", env, name);
>                 if (is_present(fullname))
>                         return fullname;
>         }


Replacing sprintf() with snprintf() is correct
although I think this if-conditional has no sense
in the first place.

The returned string from conf_get_default_confname()
will be passed to zconf_fopen().
So, SRCTREE/ will be prepended anyway.


I was wondering about applying a small fix like this
to already wrong code, but I decided to picked it up.

BTW, this function has one more bug.
expand_string() must be free'd. So it is memory leak.
I will not fix it because I will remove this function sooner or later.



> @@ -843,10 +843,11 @@ int conf_write(const char *name)
>         } else
>                 basename = conf_get_configname();
>
> -       sprintf(newname, "%s%s", dirname, basename);
> +       snprintf(newname, sizeof(newname), "%s%s", dirname, basename);
>         env = getenv("KCONFIG_OVERWRITECONFIG");
>         if (!env || !*env) {
> -               sprintf(tmpname, "%s.tmpconfig.%d", dirname, (int)getpid());
> +               snprintf(tmpname, sizeof(tmpname),
> +                        "%s.tmpconfig.%d", dirname, (int)getpid());
>                 out = fopen(tmpname, "w");
>         } else {
>                 *tmpname = 0;


I do not need this hunk.

I had already posted this:
https://patchwork.kernel.org/patch/10938255/

When I touched this hunk, I used snprintf().


> diff --git a/scripts/kconfig/lexer.l b/scripts/kconfig/lexer.l
> index c9df1c8b9..6354c905b 100644
> --- a/scripts/kconfig/lexer.l
> +++ b/scripts/kconfig/lexer.l
> @@ -378,7 +378,8 @@ FILE *zconf_fopen(const char *name)
>         if (!f && name != NULL && name[0] != '/') {
>                 env = getenv(SRCTREE);
>                 if (env) {
> -                       sprintf(fullname, "%s/%s", env, name);
> +                       snprintf(fullname, sizeof(fullname),
> +                                "%s/%s", env, name);
>                         f = fopen(fullname, "r");
>                 }
>         }


This function will stay, so I will apply.

Thanks.




--
Best Regards
Masahiro Yamada



[Index of Archives]     [Linux&nblp;USB Development]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite Secrets]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux