lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHP4M8X1ABEhu8kGtRSJHeqQ_m627hNT_N3Q_GGdcr3W_Rfspw@mail.gmail.com>
Date:   Mon, 8 Nov 2021 08:46:01 +0530
From:   Ajay Garg <ajaygargnsit@...il.com>
To:     andy@...nel.org, Kees Cook <keescook@...omium.org>,
        akpm@...ux-foundation.org, adobriyan@...il.com,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-hardening@...r.kernel.org
Subject: RFC for a new string-copy function, using mixtures of strlcpy and strscpy

Hello everyone.

I recently came across the functions strlcpy and strscpy, and it seems
something is missing/unclean.

This email is a RFC for another function, by the name "strlscpy".
Following is a small .ko, which demonstrates the differences in
behaviours of strlcpy/strscpy/strlscpy :

######################################################
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>

char *__MODULE__ = "KERN-ajay-hello-world";

char a[10] = {0};
char b[] = "1234567890123456";

typedef size_t (*func_type_1)(char *dest, const char *src, size_t size);
typedef ssize_t (*func_type_2)(char *dest, const char *src, size_t size);

size_t strlscpy(char *dest, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size) {
            if(len >= size)
                len = size - 1;

        memcpy(dest, src, len);
        dest[len] = '\0';
    }

    return len;
}

void common(const char *fname, int len)
{
        printk("\n\nUsing [%s] ::  \n\n", fname);
        printk("len = [%d]\n", len);
        printk("a = [%s]\n", a);
}

void run_test_type_1(func_type_1 fn, const char *fname)
{
        common(fname, fn(a, b, sizeof(a)));
}

void run_test_type_2(func_type_2 fn, const char *fname)
{
        common(fname, fn(a, b, sizeof(a)));
}

static int __init hello_init(void)
{
        run_test_type_1(strlcpy, "strlcpy");
        run_test_type_2(strscpy, "strscpy");
        run_test_type_1(strlscpy, "strlscpy");

        return 0;
}

static void __exit hello_exit(void)
{
}

module_init(hello_init);
module_exit(hello_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Ajay Garg <ajaygargnsit@...il.com>");
MODULE_DESCRIPTION("Hello-World Driver");
######################################################




The output is as follows :

######################################################
Using [strlcpy] ::

len = [16]
a = [123456789]


Using [strscpy] ::

len = [-7]
a = [123456789]


Using [strlscpy] ::

len = [9]
a = [123456789]
######################################################


As is seen, the intended strlscpy function returns the number of bytes
truly copied, whereas the other two functions return values that are
prone to causing overflows/underflows.


== Motivation for the intended new function ==

Currently, strlcpy is being used in the kernel in following ways :

i)
Return-value is not consumed by the client.

ii)
Return-value is consumed by the client, and the overflow-check done on
the return-value.

iii)
Return-value is consumed by the client, but no overflow-check done on
the return-value.


Case i) is error-free, Case ii) is also acceptable.
However, Case iii) is error-prone to overflows (thus defeating the
purpose of using strlcpy at the first place).


Thus, kindly let know your thoughts, on this proposal for the addition
of this new strlscpy function in lib/string.c, so that return-value is
exact and not prone to any overflows/underflows.


Thanks and Regards,
Ajay

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ