| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Sep 2023 01:08:07 +0200
From: Samuel Thibault <samuel.thibault@...-lyon.org>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Kees Cook <keescook@...omium.org>,
William Hubbs <w.d.hubbs@...il.com>,
Chris Brannon <chris@...-brannons.com>,
Kirk Reiser <kirk@...sers.ca>, speakup@...ux-speakup.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] accessibility: speakup: refactor deprecated strncpy
Hello,
Justin Stitt, le ven. 25 août 2023 15:41:03 -0700, a ecrit:
> Thanks for the review Kees and Samuel. Hoping to get this picked-up soon :)
>
> FWIW, I've quickly copy/pasted Kees' suggested refactor of
> synth_direct_store and rebased against v6.5-rc7 if anyone has the
> means by which to test it.
>
> TEST PATCH BELOW
> ---
> From e7216bca30673a162660c51f8bad3b463d283041 Mon Sep 17 00:00:00 2001
> From: Justin Stitt <justinstitt@...gle.com>
> Date: Fri, 25 Aug 2023 22:32:03 +0000
> Subject: [PATCH NEEDS TEST] synth_direct_store refactor to use synth_write
>
> I've just copy/pasted Kees' suggestion here [1] and rebased it against
> 6.5-rc7.
>
> This patch needs testing as it refactors behavior in synth_direct_store.
>
> [1]: https://lore.kernel.org/all/202308251439.36BC33ADB2@keescook/
>
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>
Tested-by: Samuel Thibault <samuel.thibault@...-lyon.org>
but please submit it properly :) It was completely mangled in the mail.
> ---
> drivers/accessibility/speakup/kobjects.c | 25 +++++++++++-------------
> 1 file changed, 11 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/accessibility/speakup/kobjects.c
> b/drivers/accessibility/speakup/kobjects.c
> index a7522d409802..0dfdb6608e02 100644
> --- a/drivers/accessibility/speakup/kobjects.c
> +++ b/drivers/accessibility/speakup/kobjects.c
> @@ -413,27 +413,24 @@ static ssize_t synth_direct_store(struct kobject *kobj,
> struct kobj_attribute *attr,
> const char *buf, size_t count)
> {
> - u_char tmp[256];
> - int len;
> - int bytes;
> - const char *ptr = buf;
> + char *unescaped;
> unsigned long flags;
>
> if (!synth)
> return -EPERM;
>
> - len = strlen(buf);
> + unescaped = kstrdup(buf, GFP_KERNEL);
> + if (!unescaped)
> + return -ENOMEM;
> +
> + string_unescape_any_inplace(unescaped);
> +
> spin_lock_irqsave(&speakup_info.spinlock, flags);
> - while (len > 0) {
> - bytes = min_t(size_t, len, 250);
> - strncpy(tmp, ptr, bytes);
> - tmp[bytes] = '\0';
> - string_unescape_any_inplace(tmp);
> - synth_printf("%s", tmp);
> - ptr += bytes;
> - len -= bytes;
> - }
> + synth_write(unescaped, strlen(unescaped));
> spin_unlock_irqrestore(&speakup_info.spinlock, flags);
> +
> + kfree(unescaped);
> +
> return count;
> }
>
> --
> 2.42.0.rc1.204.g551eb34607-goog
>
--
Samuel
---
Pour une évaluation indépendante, transparente et rigoureuse !
Je soutiens la Commission d'Évaluation de l'Inria.
Powered by blists - more mailing lists