| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Jun 2018 14:30:34 +0800
From: YueHaibing <yuehaibing@...wei.com>
To: Andy Shevchenko <andy.shevchenko@...il.com>
CC: <simon@...kelleys.org.uk>, Kalle Valo <kvalo@...eaurora.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
netdev <netdev@...r.kernel.org>,
"open list:TI WILINK WIRELES..." <linux-wireless@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] atmel: using strlcpy() to avoid possible buffer overflows
On 2018/6/30 5:51, Andy Shevchenko wrote:
> On Sat, Jun 30, 2018 at 12:47 AM, Andy Shevchenko
> <andy.shevchenko@...il.com> wrote:
>> On Fri, Jun 29, 2018 at 5:51 AM, YueHaibing <yuehaibing@...wei.com> wrote:
>>> 'firmware' is a module param which may been longer than firmware_id,
>>> so using strlcpy() to guard against overflows
>>
>> strncat() is against overflow, this does a bit more.
>>
>>> priv->firmware_id[0] = '\0';
>> ...
>>> if (firmware) /* module parameter */
>>> - strcpy(priv->firmware_id, firmware);
>>> + strlcpy(priv->firmware_id, firmware, sizeof(priv->firmware_id));
>>
>> In either case the above '\0' is not needed.
>> But it looks like the intention was to use strncat() / strlcat().
>
> Ah, this is under condition, yes. If no parameter supplied, this needs
> to be clean, but
> priv is allocated with zeroed memory
> https://elixir.bootlin.com/linux/latest/source/net/core/dev.c#L8369
so just remove this line:
priv->firmware_id[0] = '\0';
and using strlcpy while 'firmware' NOT null is enough.
Will send v2.
>
Powered by blists - more mailing lists