lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 01 Aug 2021 09:39:11 -0700
From:   Joe Perches <joe@...ches.com>
To:     "Russell King (Oracle)" <linux@...linux.org.uk>,
        Len Baker <len.baker@....com>
Cc:     Kees Cook <keescook@...omium.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Lee Jones <lee.jones@...aro.org>,
        Uwe Kleine-König 
        <u.kleine-koenig@...gutronix.de>, linux-hardening@...r.kernel.org,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of
 strscpy()

On Sun, 2021-08-01 at 16:00 +0100, Russell King (Oracle) wrote:
> On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote:
> > strcpy() performs no bounds checking on the destination buffer. This
> > could result in linear overflows beyond the end of the buffer, leading
> > to all kinds of misbehaviors. The safe replacement is strscpy().
> > 
> > Signed-off-by: Len Baker <len.baker@....com>
> > ---
> > This is a task of the KSPP [1]
> > 
> > [1] https://github.com/KSPP/linux/issues/88
> > 
> >  drivers/input/keyboard/locomokbd.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/input/keyboard/locomokbd.c b/drivers/input/keyboard/locomokbd.c
> > index dae053596572..dbb3dc48df12 100644
> > --- a/drivers/input/keyboard/locomokbd.c
> > +++ b/drivers/input/keyboard/locomokbd.c
> > @@ -254,7 +254,7 @@ static int locomokbd_probe(struct locomo_dev *dev)
> >  	locomokbd->suspend_jiffies = jiffies;
> > 
> >  	locomokbd->input = input_dev;
> > -	strcpy(locomokbd->phys, "locomokbd/input0");
> > +	strscpy(locomokbd->phys, "locomokbd/input0", sizeof(locomokbd->phys));
> 
> So if the string doesn't fit, it's fine to silently truncate it?
> 
> Rather than converting every single strcpy() in the kernel to
> strscpy(), maybe there should be some consideration given to how the
> issue of a strcpy() that overflows the buffer should be handled.
> E.g. in the case of a known string such as the above, if it's longer
> than the destination, should we find a way to make the compiler issue
> a warning at compile time?
> 


Powered by blists - more mailing lists