lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 17 Oct 2020 10:56:55 +0200
From:   Francis Laniel <laniel_francis@...vacyrequired.com>
To:     Jann Horn <jannh@...gle.com>
Cc:     linux-hardening@...r.kernel.org
Subject: Re: [PATCH v1 2/3] Modify return value of nla_strlcpy to match that of strscpy.

Le samedi 17 octobre 2020, 02:41:33 CEST Jann Horn a écrit :
> On Fri, Oct 16, 2020 at 3:02 PM <laniel_francis@...vacyrequired.com> wrote:
> > This patch solves part 2 of issue:
> > https://github.com/KSPP/linux/issues/110
> > 
> > Signed-off-by: Francis Laniel <laniel_francis@...vacyrequired.com>
> > ---
> > 
> >  include/net/netlink.h |  2 +-
> >  include/net/pkt_cls.h |  3 ++-
> >  lib/nlattr.c          | 31 ++++++++++++++++++++-----------
> >  net/sched/act_api.c   |  2 +-
> >  net/sched/sch_api.c   |  2 +-
> >  5 files changed, 25 insertions(+), 15 deletions(-)
> 
> [...]
> 
> > diff --git a/lib/nlattr.c b/lib/nlattr.c
> > index ab96a5f4b9b8..83dd233bbe3e 100644
> > --- a/lib/nlattr.c
> > +++ b/lib/nlattr.c
> > @@ -713,29 +713,38 @@ EXPORT_SYMBOL(nla_find);
> > 
> >   * @dst: where to copy the string to
> >   * @nla: attribute to copy the string from
> >   * @dstsize: size of destination buffer
> > 
> > + * @returns: -E2BIG if @dstsize is 0 or source buffer length greater than
> > + * @dstsize, otherwise it returns the number of copied characters (not
> > + * including the trailing %NUL).
> > 
> >   *
> >   * Copies at most dstsize - 1 bytes into the destination buffer.
> > 
> > - * The result is always a valid NUL-terminated string. Unlike
> > - * strlcpy the destination buffer is always padded out.
> > - *
> > - * Returns the length of the source buffer.
> > + * The result is always a valid NUL-terminated string.
> > 
> >   */
> 
> What about tcf_proto_check_kind()?

Good catch!
I just searched for "if (nla_strlcpy" in the code to propagate change.
I will add it to the next version!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ