Message ID | 20220725173755.2993805-1-f.fainelli@gmail.com (mailing list archive) |
---|---|
State | Mainlined, archived |
Headers | show |
Series | tools/thermal: Fix possible path truncations | expand |
On Mon, Jul 25, 2022 at 7:38 PM Florian Fainelli <f.fainelli@gmail.com> wrote: > > A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings: > > sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=] > snprintf(filepath, 256, "%s/%s", path, filename); > ^~ > Bump up the buffer to PATH_MAX which is the limit and account for all of > the possible NUL and separators that could lead to exceeding the > allocated buffer sizes. > > Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") > Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Daniel, are you going to pick up this one or should I? There is also a tmon patch from Florian that seems to be pending. Should I take care of it? > --- > tools/thermal/tmon/sysfs.c | 24 +++++++++++++----------- > 1 file changed, 13 insertions(+), 11 deletions(-) > > diff --git a/tools/thermal/tmon/sysfs.c b/tools/thermal/tmon/sysfs.c > index b00b1bfd9d8e..cb1108bc9249 100644 > --- a/tools/thermal/tmon/sysfs.c > +++ b/tools/thermal/tmon/sysfs.c > @@ -13,6 +13,7 @@ > #include <stdint.h> > #include <dirent.h> > #include <libintl.h> > +#include <limits.h> > #include <ctype.h> > #include <time.h> > #include <syslog.h> > @@ -33,9 +34,9 @@ int sysfs_set_ulong(char *path, char *filename, unsigned long val) > { > FILE *fd; > int ret = -1; > - char filepath[256]; > + char filepath[PATH_MAX + 2]; /* NUL and '/' */ > > - snprintf(filepath, 256, "%s/%s", path, filename); > + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); > > fd = fopen(filepath, "w"); > if (!fd) { > @@ -57,9 +58,9 @@ static int sysfs_get_ulong(char *path, char *filename, unsigned long *p_ulong) > { > FILE *fd; > int ret = -1; > - char filepath[256]; > + char filepath[PATH_MAX + 2]; /* NUL and '/' */ > > - snprintf(filepath, 256, "%s/%s", path, filename); > + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); > > fd = fopen(filepath, "r"); > if (!fd) { > @@ -76,9 +77,9 @@ static int sysfs_get_string(char *path, char *filename, char *str) > { > FILE *fd; > int ret = -1; > - char filepath[256]; > + char filepath[PATH_MAX + 2]; /* NUL and '/' */ > > - snprintf(filepath, 256, "%s/%s", path, filename); > + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); > > fd = fopen(filepath, "r"); > if (!fd) { > @@ -199,8 +200,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, > { > unsigned long trip_instance = 0; > char cdev_name_linked[256]; > - char cdev_name[256]; > - char cdev_trip_name[256]; > + char cdev_name[PATH_MAX]; > + char cdev_trip_name[PATH_MAX]; > int cdev_id; > > if (nl->d_type == DT_LNK) { > @@ -213,7 +214,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, > return -EINVAL; > } > /* find the link to real cooling device record binding */ > - snprintf(cdev_name, 256, "%s/%s", tz_name, nl->d_name); > + snprintf(cdev_name, sizeof(cdev_name) - 2, "%s/%s", > + tz_name, nl->d_name); > memset(cdev_name_linked, 0, sizeof(cdev_name_linked)); > if (readlink(cdev_name, cdev_name_linked, > sizeof(cdev_name_linked) - 1) != -1) { > @@ -226,8 +228,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, > /* find the trip point in which the cdev is binded to > * in this tzone > */ > - snprintf(cdev_trip_name, 256, "%s%s", nl->d_name, > - "_trip_point"); > + snprintf(cdev_trip_name, sizeof(cdev_trip_name) - 1, > + "%s%s", nl->d_name, "_trip_point"); > sysfs_get_ulong(tz_name, cdev_trip_name, > &trip_instance); > /* validate trip point range, e.g. trip could return -1 > -- > 2.25.1 >
On 03/08/2022 19:07, Rafael J. Wysocki wrote: > On Mon, Jul 25, 2022 at 7:38 PM Florian Fainelli <f.fainelli@gmail.com> wrote: >> >> A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings: >> >> sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=] >> snprintf(filepath, 256, "%s/%s", path, filename); >> ^~ >> Bump up the buffer to PATH_MAX which is the limit and account for all of >> the possible NUL and separators that could lead to exceeding the >> allocated buffer sizes. >> >> Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") >> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> > > Daniel, are you going to pick up this one or should I? > > There is also a tmon patch from Florian that seems to be pending. > Should I take care of it? Mmh, let me check. I thought I picked them :/
On 03/08/2022 19:07, Rafael J. Wysocki wrote: > On Mon, Jul 25, 2022 at 7:38 PM Florian Fainelli <f.fainelli@gmail.com> wrote: >> >> A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings: >> >> sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=] >> snprintf(filepath, 256, "%s/%s", path, filename); >> ^~ >> Bump up the buffer to PATH_MAX which is the limit and account for all of >> the possible NUL and separators that could lead to exceeding the >> allocated buffer sizes. >> >> Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") >> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> > > Daniel, are you going to pick up this one or should I? Yes, you can pick it > There is also a tmon patch from Florian that seems to be pending. > Should I take care of it? I'm not sure which patch you are referring but if it is the pthread compilation issue, it should be already applied for v5.20-rc1 from the thermal pull request https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/tools/thermal/tmon/tmon.h?id=c1dbe9a1c86da098a29dcdca1a67b65e2de7ec3a
On Wed, Aug 3, 2022 at 7:19 PM Daniel Lezcano <daniel.lezcano@linaro.org> wrote: > > On 03/08/2022 19:07, Rafael J. Wysocki wrote: > > On Mon, Jul 25, 2022 at 7:38 PM Florian Fainelli <f.fainelli@gmail.com> wrote: > >> > >> A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings: > >> > >> sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=] > >> snprintf(filepath, 256, "%s/%s", path, filename); > >> ^~ > >> Bump up the buffer to PATH_MAX which is the limit and account for all of > >> the possible NUL and separators that could lead to exceeding the > >> allocated buffer sizes. > >> > >> Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") > >> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> > > > > Daniel, are you going to pick up this one or should I? > > Yes, you can pick it Done. > > There is also a tmon patch from Florian that seems to be pending. > > Should I take care of it? > > I'm not sure which patch you are referring but if it is the pthread > compilation issue, it should be already applied for v5.20-rc1 from the > thermal pull request > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/tools/thermal/tmon/tmon.h?id=c1dbe9a1c86da098a29dcdca1a67b65e2de7ec3a Yes, it was this one. OK, we're good.
diff --git a/tools/thermal/tmon/sysfs.c b/tools/thermal/tmon/sysfs.c index b00b1bfd9d8e..cb1108bc9249 100644 --- a/tools/thermal/tmon/sysfs.c +++ b/tools/thermal/tmon/sysfs.c @@ -13,6 +13,7 @@ #include <stdint.h> #include <dirent.h> #include <libintl.h> +#include <limits.h> #include <ctype.h> #include <time.h> #include <syslog.h> @@ -33,9 +34,9 @@ int sysfs_set_ulong(char *path, char *filename, unsigned long val) { FILE *fd; int ret = -1; - char filepath[256]; + char filepath[PATH_MAX + 2]; /* NUL and '/' */ - snprintf(filepath, 256, "%s/%s", path, filename); + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); fd = fopen(filepath, "w"); if (!fd) { @@ -57,9 +58,9 @@ static int sysfs_get_ulong(char *path, char *filename, unsigned long *p_ulong) { FILE *fd; int ret = -1; - char filepath[256]; + char filepath[PATH_MAX + 2]; /* NUL and '/' */ - snprintf(filepath, 256, "%s/%s", path, filename); + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); fd = fopen(filepath, "r"); if (!fd) { @@ -76,9 +77,9 @@ static int sysfs_get_string(char *path, char *filename, char *str) { FILE *fd; int ret = -1; - char filepath[256]; + char filepath[PATH_MAX + 2]; /* NUL and '/' */ - snprintf(filepath, 256, "%s/%s", path, filename); + snprintf(filepath, sizeof(filepath), "%s/%s", path, filename); fd = fopen(filepath, "r"); if (!fd) { @@ -199,8 +200,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, { unsigned long trip_instance = 0; char cdev_name_linked[256]; - char cdev_name[256]; - char cdev_trip_name[256]; + char cdev_name[PATH_MAX]; + char cdev_trip_name[PATH_MAX]; int cdev_id; if (nl->d_type == DT_LNK) { @@ -213,7 +214,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, return -EINVAL; } /* find the link to real cooling device record binding */ - snprintf(cdev_name, 256, "%s/%s", tz_name, nl->d_name); + snprintf(cdev_name, sizeof(cdev_name) - 2, "%s/%s", + tz_name, nl->d_name); memset(cdev_name_linked, 0, sizeof(cdev_name_linked)); if (readlink(cdev_name, cdev_name_linked, sizeof(cdev_name_linked) - 1) != -1) { @@ -226,8 +228,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name, /* find the trip point in which the cdev is binded to * in this tzone */ - snprintf(cdev_trip_name, 256, "%s%s", nl->d_name, - "_trip_point"); + snprintf(cdev_trip_name, sizeof(cdev_trip_name) - 1, + "%s%s", nl->d_name, "_trip_point"); sysfs_get_ulong(tz_name, cdev_trip_name, &trip_instance); /* validate trip point range, e.g. trip could return -1
A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings: sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=] snprintf(filepath, 256, "%s/%s", path, filename); ^~ Bump up the buffer to PATH_MAX which is the limit and account for all of the possible NUL and separators that could lead to exceeding the allocated buffer sizes. Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> --- tools/thermal/tmon/sysfs.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-)