lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 12 Jan 2022 12:41:27 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Andy Shevchenko <andy.shevchenko@...il.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Arnd Bergmann <arnd@...db.de>,
        Jiri Prchal <jiri.prchal@...ignal.cz>,
        Ralph Siemsen <ralph.siemsen@...aro.org>,
        Mark Brown <broonie@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] eeprom: at25: Restore missing allocation

On Sat, Jan 08, 2022 at 01:36:12PM +0200, Andy Shevchenko wrote:
> On Sat, Jan 8, 2022 at 1:01 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > Building under CONFIG_FORTIFY_SOURCE=y and -Warray-bounds complained about
> > strncpy() being used against an empty object. It turns out this was due to
> > the at25 allocation going missing during a conflict resolution. Restore
> > this, and while we're here take the opportunity to do another strncpy()
> > replacement, since it's use is deprecated[1].
> >
> > Seen as:
> >
> > In function 'strncpy',
> >     inlined from 'at25_fw_to_chip.constprop' at drivers/misc/eeprom/at25.c:312:2:
> > ./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
> >    48 | #define __underlying_strncpy    __builtin_strncpy
> >       |                                 ^
> > ./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
> >    59 |         return __underlying_strncpy(p, q, size);
> >       |                ^~~~~~~~~~~~~~~~~~~~
> > In function 'strncpy',
> >     inlined from 'at25_fram_to_chip' at drivers/misc/eeprom/at25.c:373:2,
> >     inlined from 'at25_probe' at drivers/misc/eeprom/at25.c:453:10:
> > ./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
> >    48 | #define __underlying_strncpy    __builtin_strncpy
> >       |                                 ^
> > ./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
> >    59 |         return __underlying_strncpy(p, q, size);
> >       |                ^~~~~~~~~~~~~~~~~~~~
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
> 
> Thanks!
> With or without the below comment being addressed
> Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com>

Thanks!

> 
> > Fixes: af40d16042d6 ("Merge v5.15-rc5 into char-misc-next")
> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> > Cc: Arnd Bergmann <arnd@...db.de>
> > Cc: Jiri Prchal <jiri.prchal@...ignal.cz>
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> > ---
> >  drivers/misc/eeprom/at25.c | 8 ++++++--
> >  1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/misc/eeprom/at25.c b/drivers/misc/eeprom/at25.c
> > index c3305bdda69c..1a19fa5728c8 100644
> > --- a/drivers/misc/eeprom/at25.c
> > +++ b/drivers/misc/eeprom/at25.c
> > @@ -309,7 +309,7 @@ static int at25_fw_to_chip(struct device *dev, struct spi_eeprom *chip)
> >         u32 val;
> >         int err;
> >
> > -       strncpy(chip->name, "at25", sizeof(chip->name));
> > +       strscpy(chip->name, "at25", sizeof(chip->name));
> >
> >         err = device_property_read_u32(dev, "size", &val);
> >         if (err)
> > @@ -370,7 +370,7 @@ static int at25_fram_to_chip(struct device *dev, struct spi_eeprom *chip)
> >         u8 id[FM25_ID_LEN];
> >         int i;
> >
> > -       strncpy(chip->name, "fm25", sizeof(chip->name));
> > +       strscpy(chip->name, "fm25", sizeof(chip->name));
> >
> >         /* Get ID of chip */
> >         fm25_aux_read(at25, id, FM25_RDID, FM25_ID_LEN);
> > @@ -440,6 +440,10 @@ static int at25_probe(struct spi_device *spi)
> >                 return -ENXIO;
> >         }
> >
> > +       at25 = devm_kzalloc(&spi->dev, sizeof(struct at25_data), GFP_KERNEL);
> 
> I would use sizeof(*at25) but I think you restored the exact context.

Yeah, I just restore the chunk exactly as it was.

Greg, should I send a v2 with this adjusted?

-Kees

> 
> > +       if (!at25)
> > +               return -ENOMEM;
> > +
> >         mutex_init(&at25->lock);
> >         at25->spi = spi;
> >         spi_set_drvdata(spi, at25);
> > --
> > 2.30.2
> >
> 
> 
> -- 
> With Best Regards,
> Andy Shevchenko

-- 
Kees Cook

Powered by blists - more mailing lists