Date: Sat, 31 Aug 2024 11:10:01 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 281160] [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period' Message-ID: <bug-281160-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281160 Bug ID: 281160 Summary: [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period' Product: Base System Version: 15.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: msl0000023508@gmail.com Created attachment 253207 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253207&action=edit mfiutil-8ee7bd9.diff The snprintf(3) returns the number of characters that **would have been written** if size is enough for the result. However the code in question dangerously assumed that truncation would never happen, by adjusting the pointer 'tmp' and size 'sz' using snprintf(3) return value, without first checking whether a truncation happend. (why use snprintf(3) in first place if a truncation will never happen?) -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281160-227>