lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 24 Aug 2023 11:02:22 +0200
From:   Heiko Carstens <hca@...ux.ibm.com>
To:     Justin Stitt <justinstitt@...gle.com>
Cc:     Stefan Haberland <sth@...ux.ibm.com>,
        Jan Hoeppner <hoeppner@...ux.ibm.com>,
        Jens Axboe <axboe@...nel.dk>,
        Kees Cook <keescook@...omium.org>, linux-s390@...r.kernel.org,
        linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] partitions/ibm: refactor deprecated strncpy

On Wed, Aug 23, 2023 at 09:24:22PM +0000, Justin Stitt wrote:
> `strncpy` is deprecated [1] and we should favor different interfaces.
> 
> A suitable replacement is `strtomem_pad` as it is a more robust and less
> ambiguous interface. In this case, the destination buffer is not
> necessarily NUL-terminated as Heiko points out [2]. Using `strtomem_pad`
> over strncpy means it is now more obvious what is expected of the
> destination buffer: 1) Not necessarily NUL-terminated and 2) padded with
> NUL-bytes
> 
> Link: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings[1]
> Link: https://lore.kernel.org/all/20230823134936.14378-E-hca@linux.ibm.com/ [2]
> Link: https://github.com/KSPP/linux/issues/90
> Suggested-by: Kees Cook <keescook@...omium.org>
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> ---
> Changes in v2:
> - prefer `strtomem_pad` over `strscpy` (thanks Kees)
> - Link to v1: https://lore.kernel.org/r/20230822-strncpy-block-partitions-cmdline-ibm-v1-1-154dea8f755c@google.com
> ---
>  block/partitions/ibm.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/block/partitions/ibm.c b/block/partitions/ibm.c
> index 403756dbd50d..56c076c5523d 100644
> --- a/block/partitions/ibm.c
> +++ b/block/partitions/ibm.c
> @@ -111,11 +111,11 @@ static int find_label(struct parsed_partitions *state,
>  		    !strcmp(temp, "LNX1") ||
>  		    !strcmp(temp, "CMS1")) {
>  			if (!strcmp(temp, "VOL1")) {
> -				strncpy(type, label->vol.vollbl, 4);
> -				strncpy(name, label->vol.volid, 6);
> +				strtomem_pad(type, label->vol.vollbl, 4);
> +				strtomem_pad(name, label->vol.volid, 6);
>  			} else {
> -				strncpy(type, label->lnx.vollbl, 4);
> -				strncpy(name, label->lnx.volid, 6);
> +				strtomem_pad(type, label->lnx.vollbl, 4);
> +				strtomem_pad(name, label->lnx.volid, 6);
>  			}
>  			EBCASC(type, 4);
>  			EBCASC(name, 6);

This won't compile if find_label() is not inlined due the BUILD_BUG_ON()
within strtomem_pad(). However instead of sending new versions, I think it
would be better to ask Stefan and Jan to have a look at this. I think there
is room for improvement with the string handling besides getting rid of
strncpy().

And they know best the semantics of the (non-)strings.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ