| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202310021058.C9E46875@keescook>
Date: Mon, 2 Oct 2023 11:01:02 -0700
From: Kees Cook <keescook@...omium.org>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Brad Warrum <bwarrum@...ux.ibm.com>,
Ritu Agarwal <rituagar@...ux.ibm.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] ibmvmc: replace deprecated strncpy with strscpy
On Wed, Sep 27, 2023 at 05:52:14AM +0000, Justin Stitt wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> A suitable replacement is `strscpy` [2] due to the fact that it
> guarantees NUL-termination on the destination buffer without
> unnecessarily NUL-padding.
This is weird -- I think hmc_id needs to be marked __nonstring, and the
commit log should talk about how it appears to be not %NUL terminated.
The bounce buffer is weird -- it seems like hmc_id could be made a
regular C string by being changed to MHC_ID_LEN + 1, and then everything
would work correctly without needing a bounce buffer, etc. (Well, it
would need explicit %NUL termination after the copy_from_user()).
But if that refactor doesn't sound right to maintainers, then I'd agree
that this patch is fine (though capturing the __nonstring bit might be
nice):
Reviewed-by: Kees Cook <keescook@...omium.org>
-Kees
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> ---
> Note: build-tested only.
> ---
> drivers/misc/ibmvmc.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/misc/ibmvmc.c b/drivers/misc/ibmvmc.c
> index 2101eb12bcba..6d9ed9325f9f 100644
> --- a/drivers/misc/ibmvmc.c
> +++ b/drivers/misc/ibmvmc.c
> @@ -1249,9 +1249,7 @@ static long ibmvmc_ioctl_sethmcid(struct ibmvmc_file_session *session,
> return -EIO;
> }
>
> - /* Make sure buffer is NULL terminated before trying to print it */
> - memset(print_buffer, 0, HMC_ID_LEN + 1);
> - strncpy(print_buffer, hmc->hmc_id, HMC_ID_LEN);
> + strscpy(print_buffer, hmc->hmc_id, sizeof(print_buffer));
> pr_info("ibmvmc: sethmcid: Set HMC ID: \"%s\"\n", print_buffer);
>
> memcpy(buffer->real_addr_local, hmc->hmc_id, HMC_ID_LEN);
>
> ---
> base-commit: 6465e260f48790807eef06b583b38ca9789b6072
> change-id: 20230927-strncpy-drivers-misc-ibmvmc-c-534349716fa4
>
> Best regards,
> --
> Justin Stitt <justinstitt@...gle.com>
>
--
Kees Cook
Powered by blists - more mailing lists