Message-ID: <20230916230807.motaqyb5gqzqjvub@begin>
Date:   Sun, 17 Sep 2023 01:08:07 +0200
From:   Samuel Thibault <samuel.thibault@...-lyon.org>
To:     Justin Stitt <justinstitt@...gle.com>
Cc:     Kees Cook <keescook@...omium.org>,
        William Hubbs <w.d.hubbs@...il.com>,
        Chris Brannon <chris@...-brannons.com>,
        Kirk Reiser <kirk@...sers.ca>, speakup@...ux-speakup.org,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] accessibility: speakup: refactor deprecated strncpy

Hello,

Justin Stitt, on Fri, 25 Aug 2023 15:41:03 -0700, wrote:
> Thanks for the review Kees and Samuel. Hoping to get this picked-up soon :)
> 
> FWIW, I've quickly copy/pasted Kees' suggested refactor of
> synth_direct_store and rebased against v6.5-rc7 if anyone has the
> means by which to test it.
> 
> TEST PATCH BELOW
> ---
> From e7216bca30673a162660c51f8bad3b463d283041 Mon Sep 17 00:00:00 2001
> From: Justin Stitt <justinstitt@...gle.com>
> Date: Fri, 25 Aug 2023 22:32:03 +0000
> Subject: [PATCH NEEDS TEST] synth_direct_store refactor to use synth_write
> 
> I've just copy/pasted Kees' suggestion here [1] and rebased it against
> 6.5-rc7.
> 
> This patch needs testing as it refactors behavior in synth_direct_store.
> 
> [1]: https://lore.kernel.org/all/202308251439.36BC33ADB2@keescook/
> 
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>

Tested-by: Samuel Thibault <samuel.thibault@...-lyon.org>

but please submit it properly :) It was completely mangled in the mail.

> ---
>  drivers/accessibility/speakup/kobjects.c | 25 +++++++++++-------------
>  1 file changed, 11 insertions(+), 14 deletions(-)
> 
> diff --git a/drivers/accessibility/speakup/kobjects.c
> b/drivers/accessibility/speakup/kobjects.c
> index a7522d409802..0dfdb6608e02 100644
> --- a/drivers/accessibility/speakup/kobjects.c
> +++ b/drivers/accessibility/speakup/kobjects.c
> @@ -413,27 +413,24 @@ static ssize_t synth_direct_store(struct kobject *kobj,
>     struct kobj_attribute *attr,
>     const char *buf, size_t count)
>  {
> - u_char tmp[256];
> - int len;
> - int bytes;
> - const char *ptr = buf;
> + char *unescaped;
>   unsigned long flags;
> 
>   if (!synth)
>   return -EPERM;
> 
> - len = strlen(buf);
> + unescaped = kstrdup(buf, GFP_KERNEL);
> + if (!unescaped)
> + return -ENOMEM;
> +
> + string_unescape_any_inplace(unescaped);
> +
>   spin_lock_irqsave(&speakup_info.spinlock, flags);
> - while (len > 0) {
> - bytes = min_t(size_t, len, 250);
> - strncpy(tmp, ptr, bytes);
> - tmp[bytes] = '\0';
> - string_unescape_any_inplace(tmp);
> - synth_printf("%s", tmp);
> - ptr += bytes;
> - len -= bytes;
> - }
> + synth_write(unescaped, strlen(unescaped));
>   spin_unlock_irqrestore(&speakup_info.spinlock, flags);
> +
> + kfree(unescaped);
> +
>   return count;
>  }
> 
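Review bot: The return value of string_unescape_any_inplace(unescaped) is discarded, and the length is then recomputed with strlen(unescaped) in the synth_write() call. The helper already returns the length of the unescaped string, so consider storing it in a local and passing that to synth_write(). If stopping at the first NUL byte that an escape may yield is intended (the removed loop did the same through synth_printf("%s", tmp)), a short comment saying so would help. The changelog could also state that the 256-byte stack buffer and the 250-byte chunking go away, so the input is now unescaped as a whole rather than per chunk, since that is the behaviour change a tester needs to exercise.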
> --
> 2.42.0.rc1.204.g551eb34607-goog
> 

-- 
Samuel
---
For an independent, transparent and rigorous evaluation!
I support the Inria Evaluation Commission.
