lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFhGd8rN3WwXPxh6SZokJk1M03Z9b5JdiUJ9ObRyCkOksMzJBQ@mail.gmail.com> Date: Thu, 5 Oct 2023 11:58:52 -0700 From: Justin Stitt <justinstitt@...gle.com> To: Alexander Lobakin <aleksander.lobakin@...el.com> Cc: Kees Cook <keescook@...omium.org>, Andrew Lunn <andrew@...n.ch>, Florian Fainelli <f.fainelli@...il.com>, Vladimir Oltean <olteanv@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] net: dsa: lan9303: replace deprecated strncpy with memcpy On Thu, Oct 5, 2023 at 7:54 AM Alexander Lobakin <aleksander.lobakin@...el.com> wrote: > > From: Kees Cook <keescook@...omium.org> > Date: Wed, 4 Oct 2023 22:02:00 -0700 > > > On Wed, Oct 04, 2023 at 08:07:55PM -0700, Kees Cook wrote: > >> On Thu, Oct 05, 2023 at 12:30:18AM +0000, Justin Stitt wrote: > >>> `strncpy` is deprecated for use on NUL-terminated destination strings > >>> [1] and as such we should prefer more robust and less ambiguous > >>> interfaces. > >>> > >>> Let's opt for memcpy as we are copying strings into slices of length > >>> `ETH_GSTRING_LEN` within the `data` buffer. Other similar get_strings() > >>> implementations [2] [3] use memcpy(). > >>> > >>> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > >>> Link: https://elixir.bootlin.com/linux/v6.3/source/drivers/infiniband/ulp/opa_vnic/opa_vnic_ethtool.c#L167 [2] > >>> Link: https://elixir.bootlin.com/linux/v6.3/source/drivers/infiniband/ulp/ipoib/ipoib_ethtool.c#L137 [3] > >>> Link: https://github.com/KSPP/linux/issues/90 > >>> Cc: linux-hardening@...r.kernel.org > >>> Signed-off-by: Justin Stitt <justinstitt@...gle.com> > >>> --- > >>> Note: build-tested only. > >>> --- > >>> drivers/net/dsa/lan9303-core.c | 4 ++-- > >>> 1 file changed, 2 insertions(+), 2 deletions(-) > >>> > >>> diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c > >>> index ee67adeb2cdb..665d69384b62 100644 > >>> --- a/drivers/net/dsa/lan9303-core.c > >>> +++ b/drivers/net/dsa/lan9303-core.c > >>> @@ -1013,8 +1013,8 @@ static void lan9303_get_strings(struct dsa_switch *ds, int port, > >>> return; > >>> > >>> for (u = 0; u < ARRAY_SIZE(lan9303_mib); u++) { > >>> - strncpy(data + u * ETH_GSTRING_LEN, lan9303_mib[u].name, > >>> - ETH_GSTRING_LEN); > >>> + memcpy(data + u * ETH_GSTRING_LEN, lan9303_mib[u].name, > >>> + ETH_GSTRING_LEN); > >> > >> This won't work because lan9303_mib entries aren't ETH_GSTRING_LEN-long > >> strings; they're string pointers: > >> > >> static const struct lan9303_mib_desc lan9303_mib[] = { > >> { .offset = LAN9303_MAC_RX_BRDCST_CNT_0, .name = "RxBroad", }, > >> > >> So this really does need a strcpy-family function. > >> > >> And, I think the vnic_gstrings_stats and ipoib_gstrings_stats examples > >> are actually buggy -- they're copying junk into userspace... > >> > >> I am reminded of this patch, which correctly uses strscpy_pad(): > >> https://lore.kernel.org/lkml/20230718-net-dsa-strncpy-v1-1-e84664747713@google.com/ > >> > >> I think you want to do the same here, and use strscpy_pad(). And perhaps > >> send some fixes for the other memcpy() users? > > > > Meh, I think it's not worth fixing the memcpy() users of this. This > > buggy pattern is very common, it seems: > > > > $ git grep 'data.*ETH_GSTRING_LEN' | grep memcpy | wc -l > > 47 > > We have ethtool_sprintf() precisely for the sake of filling the Ethtool > statistics names. > > BTW this weird pattern "let's make the array of our stats names of fixed > width (ETH_GSTRING_LEN), so that we could use memcpy() instead of > strcpy()" was pretty common some time ago, no idea why, as it wastes > memory for tons of \0 padding and provokes issues like the one you > noticed here. Just sent a v2 using ethtool_sprintf(). I'd appreciate some feedback on if I used it correctly. > > > > > Thanks, > Olek [v2]: https://lore.kernel.org/r/20231005-strncpy-drivers-net-dsa-lan9303-core-c-v2-1-feb452a532db@google.com Thanks Justin
Powered by blists - more mailing lists