| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201019094355.4f6f3826@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date: Mon, 19 Oct 2020 09:43:55 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: laniel_francis@...vacyrequired.com
Cc: linux-hardening@...r.kernel.org, davem@...emloft.net
Subject: Re: [RFC][PATCH v2 2/3] Modify return value of nla_strlcpy to match
that of strscpy.
On Mon, 19 Oct 2020 17:23:30 +0200 laniel_francis@...vacyrequired.com
wrote:
> diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
> index d4d461236351..85f4ac779399 100644
> --- a/include/net/pkt_cls.h
> +++ b/include/net/pkt_cls.h
> @@ -4,6 +4,7 @@
>
> #include <linux/pkt_cls.h>
> #include <linux/workqueue.h>
> +#include <linux/errno.h>
Stray include.
> #include <net/sch_generic.h>
> #include <net/act_api.h>
> #include <net/net_namespace.h>
> diff --git a/lib/nlattr.c b/lib/nlattr.c
> index 07156e581997..d692716bda78 100644
> --- a/lib/nlattr.c
> +++ b/lib/nlattr.c
> @@ -713,30 +713,39 @@ EXPORT_SYMBOL(nla_find);
> * @dst: where to copy the string to
> * @nla: attribute to copy the string from
> * @dstsize: size of destination buffer
> + * @returns: -E2BIG if @dstsize is 0 or source buffer length greater than
I don't think this is correct format for kdoc.
> + * @dstsize, otherwise it returns the number of copied characters (not
> + * including the trailing %NUL).
> *
> * Copies at most dstsize - 1 bytes into the destination buffer.
> - * The result is always a valid NUL-terminated string. Unlike
> - * strlcpy the destination buffer is always padded out.
> - *
> - * Returns the length of the source buffer.
> + * Unlike strlcpy the destination buffer is always padded out.
> */
> -size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
> +ssize_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
> {
> + size_t len;
> + ssize_t ret;
> size_t srclen = nla_len(nla);
> char *src = nla_data(nla);
Sort local variables long to short.
>
> + if (dstsize == 0 || WARN_ON_ONCE(dstsize > INT_MAX))
You can make it > U16_MAX, attr len is 16 bit.
> + return -E2BIG;
> +
> if (srclen > 0 && src[srclen - 1] == '\0')
> srclen--;
>
> - if (dstsize > 0) {
> - size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
> -
> - memcpy(dst, src, len);
> - /* Zero pad end of dst. */
> - memset(dst + len, 0, dstsize - len);
> + if (srclen >= dstsize) {
> + len = dstsize - 1;
> + ret = -E2BIG;
> + } else {
> + len = srclen;
> + ret = len;
> }
>
> - return srclen;
> + memcpy(dst, src, len);
> + /* Zero pad end of dst. */
> + memset(dst + len, 0, dstsize - len);
> +
> + return ret;
> }
> EXPORT_SYMBOL(nla_strlcpy);
>
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index 41a55c6cbeb8..f0bf64393cbf 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -223,7 +223,7 @@ static inline u32 tcf_auto_prio(struct tcf_proto *tp)
> static bool tcf_proto_check_kind(struct nlattr *kind, char *name)
> {
> if (kind)
> - return nla_strlcpy(name, kind, IFNAMSIZ) >= IFNAMSIZ;
> + return nla_strlcpy(name, kind, IFNAMSIZ) > 0;
Bug.
> memset(name, 0, IFNAMSIZ);
> return false;
> }
Powered by blists - more mailing lists