lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Aug 2021 17:57:32 +0200 From: Len Baker <len.baker@....com> To: "Russell King (Oracle)" <linux@...linux.org.uk>, Kees Cook <keescook@...omium.org> Cc: Len Baker <len.baker@....com>, Dmitry Torokhov <dmitry.torokhov@...il.com>, Lee Jones <lee.jones@...aro.org>, Uwe Kleine-König <u.kleine-koenig@...gutronix.de>, linux-hardening@...r.kernel.org, linux-input@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy() Hi, On Sun, Aug 01, 2021 at 04:00:00PM +0100, Russell King (Oracle) wrote: > On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote: > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy(). > > > > Signed-off-by: Len Baker <len.baker@....com> > > --- > > This is a task of the KSPP [1] > > > > [1] https://github.com/KSPP/linux/issues/88 > > > > drivers/input/keyboard/locomokbd.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/input/keyboard/locomokbd.c b/drivers/input/keyboard/locomokbd.c > > index dae053596572..dbb3dc48df12 100644 > > --- a/drivers/input/keyboard/locomokbd.c > > +++ b/drivers/input/keyboard/locomokbd.c > > @@ -254,7 +254,7 @@ static int locomokbd_probe(struct locomo_dev *dev) > > locomokbd->suspend_jiffies = jiffies; > > > > locomokbd->input = input_dev; > > - strcpy(locomokbd->phys, "locomokbd/input0"); > > + strscpy(locomokbd->phys, "locomokbd/input0", sizeof(locomokbd->phys)); > > So if the string doesn't fit, it's fine to silently truncate it? I think it is better than overflow :) > Rather than converting every single strcpy() in the kernel to > strscpy(), maybe there should be some consideration given to how the > issue of a strcpy() that overflows the buffer should be handled. > E.g. in the case of a known string such as the above, if it's longer > than the destination, should we find a way to make the compiler issue > a warning at compile time? Good point. I am a kernel newbie and have no experience. So this question should be answered by some kernel hacker :) But I agree with your proposals. Kees and folks: Any comments? Note: Kees is asked the same question in [2] [2] https://lore.kernel.org/lkml/20210731135957.GB1979@titan/ Regards, Len
Powered by blists - more mailing lists