lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <202010161618.8E214473@keescook> Date: Fri, 16 Oct 2020 16:19:59 -0700 From: Kees Cook <keescook@...omium.org> To: laniel_francis@...vacyrequired.com Cc: linux-hardening@...r.kernel.org Subject: Re: [PATCH v1 1/3] Fix unefficient call to memset before memcpu in nla_strlcpy. On Fri, Oct 16, 2020 at 02:52:14PM +0200, laniel_francis@...vacyrequired.com wrote: > From: Francis Laniel <laniel_francis@...vacyrequired.com> > > This patch solves part 1 of issue: https://github.com/KSPP/linux/issues/110 > > Signed-off-by: Francis Laniel <laniel_francis@...vacyrequired.com> > --- > lib/nlattr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/nlattr.c b/lib/nlattr.c > index 74019c8ebf6b..ab96a5f4b9b8 100644 > --- a/lib/nlattr.c > +++ b/lib/nlattr.c > @@ -731,8 +731,8 @@ size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) > if (dstsize > 0) { > size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; > > - memset(dst, 0, dstsize); > memcpy(dst, src, len); > + dst[len] = '\0'; I don't think this is right: callers are likely depending on the entire destination buffer to be zero-padded. I think you probably want: memset(dst + len, 0, dstsize - len); memcpy(dst, src, len); (but double-check my pointer math) > } > > return srclen; > -- > 2.20.1 > -- Kees Cook
Powered by blists - more mailing lists