Date: Sat, 29 Jun 2024 19:36:16 +1000
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Matej Hrica
Subject: Re: [PATCH v2 5/5] conf: Use the right maximum buffer size for c->sock_path
List-Id: Development discussion and patches for passt

On Thu, Jun 27, 2024 at 10:46:41PM +0200, Stefano Brivio wrote:
> UNIX_SOCK_MAX is the maximum number we'll append to the socket path
> if we generate it automatically. If it's given on the command line,
> it can be up to UNIX_PATH_MAX (including the terminating character)
> long.
>
> UNIX_SOCK_MAX happened to kind of fit because it's 100 (instead of
> 108).
>
> Commit ceddcac74a6e ("conf, tap: False "Buffer not null terminated"
> positives, CWE-170") fixed the wrong problem: the right fix for the
> problem at hand was actually commit cc287af173ca ("conf: Fix
> incorrect bounds checking for sock_path parameter").
>
> Fixes: ceddcac74a6e ("conf, tap: False "Buffer not null terminated" positives, CWE-170")
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> ---
>  conf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/conf.c b/conf.c > index 9e47e9a..3c38ceb 100644 > --- a/conf.c > +++ b/conf.c > @@ -1398,7 +1398,7 @@ void conf(struct ctx *c, int argc, char **argv) > c->foreground =3D 1; > break; > case 's': > - ret =3D snprintf(c->sock_path, UNIX_SOCK_MAX - 1, "%s", > + ret =3D snprintf(c->sock_path, sizeof(c->sock_path), "%s", > optarg); > if (ret <=3D 0 || ret >=3D (int)sizeof(c->sock_path)) > die("Invalid socket path: %s", optarg);

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
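Review bot: In the `case 's':` snprintf() call, the new bound `sizeof(c->sock_path)` is only right if `sock_path` is an array member of struct ctx sized to UNIX_PATH_MAX, and that declaration is not visible in this hunk. It is worth confirming that, because `sizeof` on a pointer would silently give the pointer size. The old bound and the following `ret >= (int)sizeof(c->sock_path)` check disagreed, so an argument longer than what `UNIX_SOCK_MAX - 1` allows but shorter than the buffer was truncated by snprintf() without reaching die(). Going by the 100 and 108 values given in the description, a test passing `-s` a path in that length range, plus one at exactly the buffer size, would pin the corrected behaviour.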