| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7rldvf22zvtvvqpqsoeidg57sqwnuz6pfclve7igw6kuxp5jfp@vkt3z7br5hll>
Date: Mon, 18 Sep 2023 09:16:39 +0200
From: Patrik Jakobsson <patrik.r.jakobsson@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Justin Stitt <justinstitt@...gle.com>,
David Airlie <airlied@...il.com>,
Daniel Vetter <daniel@...ll.ch>,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH] drm/gma500: refactor deprecated strncpy
On Thu, Sep 14, 2023 at 09:37:31PM -0700, Kees Cook wrote:
> On Thu, Sep 14, 2023 at 08:52:21PM +0000, Justin Stitt wrote:
> > `strncpy` is deprecated for use on NUL-terminated destination strings [1].
> >
> > We should prefer more robust and less ambiguous string interfaces.
> >
> > Since `chan->base.name` is expected to be NUL-terminated, a suitable
> > replacement is `strscpy` [2] due to the fact that it guarantees
> > NUL-termination on the destination buffer without also unnecessarily
> > NUL-padding.
>
> How did you decide about %NUL padding? (I see it is kzalloc'd, so it
> doesn't matter.)
>
> >
> > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@...r.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> > ---
> >
> >
> > drm/gma500: refactor deprecated strncpy
> > ---
> > drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c
> > index 06b5b2d70d48..68458cbdd6d5 100644
> > --- a/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c
> > +++ b/drivers/gpu/drm/gma500/oaktrail_lvds_i2c.c
> > @@ -141,7 +141,7 @@ struct gma_i2c_chan *oaktrail_lvds_i2c_init(struct drm_device *dev)
> >
> > chan->drm_dev = dev;
> > chan->reg = dev_priv->lpc_gpio_base;
> > - strncpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1);
> > + strscpy(chan->base.name, "gma500 LPC", I2C_NAME_SIZE - 1);
>
> What's going on here with the destination buffer size? chan->base.name
> is 48 bytes. I2C_NAME_SIZE is 20.
It seems I2C_NAME_SIZE is used for i2c_client.name but is abused here
for i2c_adapter.name as well. Using sizeof() would be better. Justin,
would you mind changing that as well?
Thanks
Patrik
>
> Ultimately it doesn't matter since the source is a const char string,
> but it's still weird. Therefore:
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
>
> -Kees
>
> > chan->base.owner = THIS_MODULE;
> > chan->base.algo_data = &chan->algo;
> > chan->base.dev.parent = dev->dev;
> >
> > ---
> > base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec
> > change-id: 20230914-drivers-gpu-drm-gma500-oaktrail_lvds_i2c-c-a53c6d8bd62f
> >
> > Best regards,
> > --
> > Justin Stitt <justinstitt@...gle.com>
> >
>
> --
> Kees Cook
Powered by blists - more mailing lists