lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sun, 12 Mar 2017 16:04:21 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     SIMRAN SINGHAL <singhalsimran0@...il.com>
Cc:     devel@...verdev.osuosl.org, outreachy-kernel@...glegroups.com,
        arve@...roid.com, riandrews@...roid.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] staging: android: Replace strcpy with strlcpy

On Sun, Mar 12, 2017 at 08:25:28PM +0530, SIMRAN SINGHAL wrote:
> On Sun, Mar 12, 2017 at 7:04 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> > On Sun, Mar 12, 2017 at 03:32:44AM +0530, simran singhal wrote:
> >> Replace strcpy with strlcpy as strcpy does not check for buffer
> >> overflow.
> >
> > Can there be a buffer overflow here?  If not, then strcpy is just fine
> > to use.  Do you see a potential code path here that actually is a
> > problem using this?
> >
> >> This is found using Flawfinder.
> >
> > You mean 'grep'?  :)
> >
> > If not, what exactly does "Flawfinder" point out is wrong with the code
> > here?  At first glance, I can't find it, but perhaps the tool, and your
> > audit, provided more information?
> >
> > thanks,
> >
> 
> Flawfinder reports possible security weaknesses (“flaws”) sorted by risk level.
> The risk level is shown inside square brackets and varies from 0, very
> little risk,
> to 5, great risk.
> 
> So, here in this case I was getting risk of [4].
> This is what I got:
> drivers/staging/android/ashmem.c:551:  [4] (buffer) strcpy:
>   Does not check for buffer overflows when copying to destination (CWE-120).
>   Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
>   misused).

Consider looking at the code to see if it actually is incorrect before
blindly accepting random comments by a random tool :)

Again, if you can see how this is incorrect, great, let's fix it,
otherwise please leave it as-is because so far your fixes are actually
breaking things :(

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ