lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202310021058.C9E46875@keescook>
Date: Mon, 2 Oct 2023 11:01:02 -0700
From: Kees Cook <keescook@...omium.org>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Brad Warrum <bwarrum@...ux.ibm.com>,
	Ritu Agarwal <rituagar@...ux.ibm.com>,
	Arnd Bergmann <arnd@...db.de>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] ibmvmc: replace deprecated strncpy with strscpy

On Wed, Sep 27, 2023 at 05:52:14AM +0000, Justin Stitt wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
> 
> A suitable replacement is `strscpy` [2] due to the fact that it
> guarantees NUL-termination on the destination buffer without
> unnecessarily NUL-padding.

This is weird -- I think hmc_id needs to be marked __nonstring, and the
commit log should talk about how it appears to be not %NUL terminated.

The bounce buffer is weird -- it seems like hmc_id could be made a
regular C string by being changed to MHC_ID_LEN + 1, and then everything
would work correctly without needing a bounce buffer, etc. (Well, it
would need explicit %NUL termination after the copy_from_user()).

But if that refactor doesn't sound right to maintainers, then I'd agree
that this patch is fine (though capturing the __nonstring bit might be
nice):

Reviewed-by: Kees Cook <keescook@...omium.org>

-Kees

> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> ---
> Note: build-tested only.
> ---
>  drivers/misc/ibmvmc.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/misc/ibmvmc.c b/drivers/misc/ibmvmc.c
> index 2101eb12bcba..6d9ed9325f9f 100644
> --- a/drivers/misc/ibmvmc.c
> +++ b/drivers/misc/ibmvmc.c
> @@ -1249,9 +1249,7 @@ static long ibmvmc_ioctl_sethmcid(struct ibmvmc_file_session *session,
>  		return -EIO;
>  	}
>  
> -	/* Make sure buffer is NULL terminated before trying to print it */
> -	memset(print_buffer, 0, HMC_ID_LEN + 1);
> -	strncpy(print_buffer, hmc->hmc_id, HMC_ID_LEN);
> +	strscpy(print_buffer, hmc->hmc_id, sizeof(print_buffer));
>  	pr_info("ibmvmc: sethmcid: Set HMC ID: \"%s\"\n", print_buffer);
>  
>  	memcpy(buffer->real_addr_local, hmc->hmc_id, HMC_ID_LEN);
> 
> ---
> base-commit: 6465e260f48790807eef06b583b38ca9789b6072
> change-id: 20230927-strncpy-drivers-misc-ibmvmc-c-534349716fa4
> 
> Best regards,
> --
> Justin Stitt <justinstitt@...gle.com>
> 

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ