lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 10:20:58 -0700 From: Kees Cook <keescook@...omium.org> To: "Darrick J . Wong" <djwong@...nel.org> Cc: Kees Cook <keescook@...omium.org>, Zorro Lang <zlang@...hat.com>, linux-xfs@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Keith Packard <keithp@...thp.com>, Francis Laniel <laniel_francis@...vacyrequired.com>, Daniel Axtens <dja@...ens.net>, Dan Williams <dan.j.williams@...el.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Guenter Roeck <linux@...ck-us.net>, Daniel Vetter <daniel.vetter@...ll.ch>, Tadeusz Struk <tadeusz.struk@...aro.org>, Geert Uytterhoeven <geert@...ux-m68k.org>, Andy Shevchenko <andriy.shevchenko@...el.com>, Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: [PATCH 2/2] xfs: Use flex_cpy() to check extent copying Use flex_cpy() instead of memcpy() to copy the bui_fmt flexible array structure, which will perform bounds checking internally. Avoids the false positive warning seen under FORTIFY_SOURCE: memcpy: detected field-spanning write (size 48) of single field "dst_bui_fmt" at fs/xfs/xfs_bmap_item.c:628 (size 16) Reported-by: Zorro Lang <zlang@...hat.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=216563 Cc: "Darrick J. Wong" <djwong@...nel.org> Cc: linux-xfs@...r.kernel.org Signed-off-by: Kees Cook <keescook@...omium.org> --- fs/xfs/xfs_bmap_item.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c index 51f66e982484..5f135893df66 100644 --- a/fs/xfs/xfs_bmap_item.c +++ b/fs/xfs/xfs_bmap_item.c @@ -24,6 +24,7 @@ #include "xfs_error.h" #include "xfs_log_priv.h" #include "xfs_log_recover.h" +#include <linux/flex_array.h> struct kmem_cache *xfs_bui_cache; struct kmem_cache *xfs_bud_cache; @@ -624,10 +625,10 @@ xfs_bui_copy_format( src_bui_fmt = buf->i_addr; len = xfs_bui_log_format_sizeof(src_bui_fmt->bui_nextents); - if (buf->i_len == len) { - memcpy(dst_bui_fmt, src_bui_fmt, len); + if (buf->i_len == len && + __flex_cpy(dst_bui_fmt, src_bui_fmt, + bui_extents, bui_nextents, __passthru) == 0) return 0; - } XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, NULL); return -EFSCORRUPTED; } -- 2.34.1
Powered by blists - more mailing lists