[PATCH] um: mconsole: validate notify socket path length

Pengpeng Hou posted 1 patch 4 days, 7 hours ago
arch/um/drivers/mconsole_user.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
[PATCH] um: mconsole: validate notify socket path length
Posted by Pengpeng Hou 4 days, 7 hours ago
mconsole_notify() copies the notify socket path into sockaddr_un.sun_path with strcpy(). There is no local check that the supplied path fits in the fixed Unix-domain socket path buffer.

Reject notify socket paths that do not fit in sun_path instead of copying them blindly.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
 arch/um/drivers/mconsole_user.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/um/drivers/mconsole_user.c b/arch/um/drivers/mconsole_user.c
index a04cd13c6315..2c0d2984055c 100644
--- a/arch/um/drivers/mconsole_user.c
+++ b/arch/um/drivers/mconsole_user.c
@@ -198,8 +198,11 @@ int mconsole_notify(char *sock_name, int type, const void *data, int len)
 	if (err)
 		return err;
 
+	memset(&target, 0, sizeof(target));
 	target.sun_family = AF_UNIX;
-	strcpy(target.sun_path, sock_name);
+	if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
+	    sizeof(target.sun_path))
+		return -EINVAL;
 
 	packet.magic = MCONSOLE_MAGIC;
 	packet.version = MCONSOLE_VERSION;
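Review bot: the snprintf() call that replaces strcpy() has no declaration in this file, and the hunk adds no #include; both build reports in this thread fail on that line with an implicit-declaration error. Either add `#include <stdio.h>`, as the gcc note suggests, or check strlen(sock_name) against sizeof(target.sun_path) and then do a bounded copy; memset() on the added line above compiles in both reports, so the string functions are already declared here. Separately, the test compares snprintf()'s int return with a size_t: a negative return is converted to a large unsigned value and so still takes the -EINVAL path, but that relies on the implicit conversion and is worth making explicit.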
-- 
2.50.1 (Apple Git-155)
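
The length check described in the commit message, as an added stand-alone user-space example; it is not part of the posted patch or of the kernel tree. It uses memchr() plus memcpy() rather than the patch's snprintf(), and `unix_addr_from_path` and `try_path_of_length` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper, not from the kernel tree: fill a sockaddr_un from a
 * caller-supplied path. Returns 0 on success, or -EINVAL when the path is
 * NULL or does not fit in sun_path together with its terminating NUL.
 */
static int unix_addr_from_path(struct sockaddr_un *addr, const char *path)
{
	const char *end;

	if (addr == NULL || path == NULL)
		return -EINVAL;

	/* Look for the NUL within the first sizeof(sun_path) bytes only. */
	end = memchr(path, '\0', sizeof(addr->sun_path));
	if (end == NULL)
		return -EINVAL;	/* path plus NUL would overflow sun_path */

	memset(addr, 0, sizeof(*addr));
	addr->sun_family = AF_UNIX;
	memcpy(addr->sun_path, path, (size_t)(end - path));
	return 0;
}

/* Constructed sample input: a path made of exactly n 'a' characters. */
static int try_path_of_length(size_t n)
{
	struct sockaddr_un addr;
	char path[512];

	if (n >= sizeof(path))
		return -EINVAL;
	memset(path, 'a', n);
	path[n] = '\0';
	return unix_addr_from_path(&addr, path);
}

int main(void)
{
	size_t cap = sizeof(((struct sockaddr_un *)0)->sun_path);
	printf("cap-1 bytes: %d, cap bytes: %d\n",
	       try_path_of_length(cap - 1), try_path_of_length(cap));
	return 0;
}
```

The boundary case is a path of exactly sizeof(sun_path) bytes: it has no room for the terminating NUL and is rejected, while one byte shorter is accepted.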
Re: [PATCH] um: mconsole: validate notify socket path length
Posted by kernel test robot 1 day, 19 hours ago
Hi Pengpeng,

kernel test robot noticed the following build errors:

[auto build test ERROR on uml/next]
[also build test ERROR on wireless-next/main wireless/main uml/fixes linus/master v7.0-rc6 next-20260330]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Pengpeng-Hou/um-mconsole-validate-notify-socket-path-length/20260331-052930
base:   https://git.kernel.org/pub/scm/linux/kernel/git/uml/linux next
patch link:    https://lore.kernel.org/r/20260329030945.32368-1-pengpeng%40iscas.ac.cn
patch subject: [PATCH] um: mconsole: validate notify socket path length
config: um-defconfig (https://download.01.org/0day-ci/archive/20260331/202603312307.FOQx0THR-lkp@intel.com/config)
compiler: clang version 23.0.0git (https://github.com/llvm/llvm-project 2cd67b8b69f78e3f95918204320c3075a74ba16c)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260331/202603312307.FOQx0THR-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603312307.FOQx0THR-lkp@intel.com/

All errors (new ones prefixed by >>):

>> arch/um/drivers/mconsole_user.c:203:6: error: call to undeclared function 'snprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
     203 |         if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
         |             ^
   1 error generated.


vim +/snprintf +203 arch/um/drivers/mconsole_user.c

   180	
   181	int mconsole_notify(char *sock_name, int type, const void *data, int len)
   182	{
   183		struct sockaddr_un target;
   184		struct mconsole_notify packet;
   185		int n, err = 0;
   186	
   187		lock_notify();
   188		if (notify_sock < 0) {
   189			notify_sock = socket(PF_UNIX, SOCK_DGRAM, 0);
   190			if (notify_sock < 0) {
   191				err = -errno;
   192				printk(UM_KERN_ERR "mconsole_notify - socket failed, "
   193				       "errno = %d\n", errno);
   194			}
   195		}
   196		unlock_notify();
   197	
   198		if (err)
   199			return err;
   200	
   201		memset(&target, 0, sizeof(target));
   202		target.sun_family = AF_UNIX;
 > 203		if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Re: [PATCH] um: mconsole: validate notify socket path length
Posted by kernel test robot 1 day, 19 hours ago
Hi Pengpeng,

kernel test robot noticed the following build errors:

[auto build test ERROR on uml/next]
[also build test ERROR on wireless-next/main wireless/main uml/fixes linus/master v7.0-rc6 next-20260330]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Pengpeng-Hou/um-mconsole-validate-notify-socket-path-length/20260331-052930
base:   https://git.kernel.org/pub/scm/linux/kernel/git/uml/linux next
patch link:    https://lore.kernel.org/r/20260329030945.32368-1-pengpeng%40iscas.ac.cn
patch subject: [PATCH] um: mconsole: validate notify socket path length
config: um-i386_defconfig (https://download.01.org/0day-ci/archive/20260331/202603312336.UUqJ8pFo-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260331/202603312336.UUqJ8pFo-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603312336.UUqJ8pFo-lkp@intel.com/

All errors (new ones prefixed by >>):

   arch/um/drivers/mconsole_user.c: In function 'mconsole_notify':
>> arch/um/drivers/mconsole_user.c:203:13: error: implicit declaration of function 'snprintf' [-Wimplicit-function-declaration]
     203 |         if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
         |             ^~~~~~~~
   arch/um/drivers/mconsole_user.c:14:1: note: 'snprintf' is defined in header '<stdio.h>'; this is probably fixable by adding '#include <stdio.h>'
      13 | #include "mconsole.h"
     +++ |+#include <stdio.h>
      14 | 


vim +/snprintf +203 arch/um/drivers/mconsole_user.c

   180	
   181	int mconsole_notify(char *sock_name, int type, const void *data, int len)
   182	{
   183		struct sockaddr_un target;
   184		struct mconsole_notify packet;
   185		int n, err = 0;
   186	
   187		lock_notify();
   188		if (notify_sock < 0) {
   189			notify_sock = socket(PF_UNIX, SOCK_DGRAM, 0);
   190			if (notify_sock < 0) {
   191				err = -errno;
   192				printk(UM_KERN_ERR "mconsole_notify - socket failed, "
   193				       "errno = %d\n", errno);
   194			}
   195		}
   196		unlock_notify();
   197	
   198		if (err)
   199			return err;
   200	
   201		memset(&target, 0, sizeof(target));
   202		target.sun_family = AF_UNIX;
 > 203		if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki