Date: Sat, 31 Aug 2024 11:10:01 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 281160] [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period' Message-ID: <bug-281160-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281160 Bug ID: 281160 Summary: [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period' Product: Base System Version: 15.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: msl0000023508@gmail.com Created attachment 253207 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D253207&action= =3Dedit mfiutil-8ee7bd9.diff The snprintf(3) returns the number of characters that **would have been written** if size is enough for the result. However the code in question dangerously assumed that truncation would never happen, by adjusting the pointer 'tmp' and size 'sz' using snprintf(3) return value, without first checking whether a truncation happend. (why use snprintf(3) in first place = if a truncation will never happen?) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281160-227>