lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201016125216.10922-3-laniel_francis@privacyrequired.com> Date: Fri, 16 Oct 2020 14:52:15 +0200 From: laniel_francis@...vacyrequired.com To: linux-hardening@...r.kernel.org Cc: Francis Laniel <laniel_francis@...vacyrequired.com> Subject: [PATCH v1 2/3] Modify return value of nla_strlcpy to match that of strscpy. From: Francis Laniel <laniel_francis@...vacyrequired.com> This patch solves part 2 of issue: https://github.com/KSPP/linux/issues/110 Signed-off-by: Francis Laniel <laniel_francis@...vacyrequired.com> --- include/net/netlink.h | 2 +- include/net/pkt_cls.h | 3 ++- lib/nlattr.c | 31 ++++++++++++++++++++----------- net/sched/act_api.c | 2 +- net/sched/sch_api.c | 2 +- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/include/net/netlink.h b/include/net/netlink.h index 7356f41d23ba..446ca182e13d 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -506,7 +506,7 @@ int __nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, struct netlink_ext_ack *extack); int nla_policy_len(const struct nla_policy *, int); struct nlattr *nla_find(const struct nlattr *head, int len, int attrtype); -size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize); +ssize_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize); char *nla_strdup(const struct nlattr *nla, gfp_t flags); int nla_memcpy(void *dest, const struct nlattr *src, int count); int nla_memcmp(const struct nlattr *nla, const void *data, size_t size); diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index d4d461236351..f42db07c399b 100644 --- a/include/net/pkt_cls.h +++ b/include/net/pkt_cls.h @@ -4,6 +4,7 @@ #include <linux/pkt_cls.h> #include <linux/workqueue.h> +#include <linux/errno.h> #include <net/sch_generic.h> #include <net/act_api.h> #include <net/net_namespace.h> @@ -512,7 +513,7 @@ tcf_change_indev(struct net *net, struct nlattr *indev_tlv, char indev[IFNAMSIZ]; struct net_device *dev; - if (nla_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ) { + if (nla_strlcpy(indev, indev_tlv, IFNAMSIZ) == -E2BIG) { NL_SET_ERR_MSG_ATTR(extack, indev_tlv, "Interface name too long"); return -EINVAL; diff --git a/lib/nlattr.c b/lib/nlattr.c index ab96a5f4b9b8..83dd233bbe3e 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -713,29 +713,38 @@ EXPORT_SYMBOL(nla_find); * @dst: where to copy the string to * @nla: attribute to copy the string from * @dstsize: size of destination buffer + * @returns: -E2BIG if @dstsize is 0 or source buffer length greater than + * @dstsize, otherwise it returns the number of copied characters (not + * including the trailing %NUL). * * Copies at most dstsize - 1 bytes into the destination buffer. - * The result is always a valid NUL-terminated string. Unlike - * strlcpy the destination buffer is always padded out. - * - * Returns the length of the source buffer. + * The result is always a valid NUL-terminated string. */ -size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) +ssize_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) { + size_t len; + ssize_t ret; size_t srclen = nla_len(nla); char *src = nla_data(nla); + if (dstsize == 0 || WARN_ON_ONCE(dstsize > INT_MAX)) + return -E2BIG; + if (srclen > 0 && src[srclen - 1] == '\0') srclen--; - if (dstsize > 0) { - size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; - - memcpy(dst, src, len); - dst[len] = '\0'; + if (srclen >= dstsize) { + len = dstsize - 1; + ret = -E2BIG; + } else { + len = srclen; + ret = len; } - return srclen; + memcpy(dst, src, len); + dst[len] = '\0'; + + return ret; } EXPORT_SYMBOL(nla_strlcpy); diff --git a/net/sched/act_api.c b/net/sched/act_api.c index f66417d5d2c3..ed411d6c29fc 100644 --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -935,7 +935,7 @@ struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp, NL_SET_ERR_MSG(extack, "TC action kind must be specified"); goto err_out; } - if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) { + if (nla_strlcpy(act_name, kind, IFNAMSIZ) == -E2BIG) { NL_SET_ERR_MSG(extack, "TC action name too long"); goto err_out; } diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index 2a76a2f5ed88..3e89c666d1e8 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c @@ -1170,7 +1170,7 @@ static struct Qdisc *qdisc_create(struct net_device *dev, #ifdef CONFIG_MODULES if (ops == NULL && kind != NULL) { char name[IFNAMSIZ]; - if (nla_strlcpy(name, kind, IFNAMSIZ) < IFNAMSIZ) { + if (nla_strlcpy(name, kind, IFNAMSIZ) != -E2BIG) { /* We dropped the RTNL semaphore in order to * perform the module load. So, even if we * succeeded in loading the module we have to -- 2.20.1
Powered by blists - more mailing lists