lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFhGd8ppobxMnvrMT4HrRkf0LvHE1P-utErp8Tk22Fb9OO=8Rw@mail.gmail.com> Date: Tue, 10 Oct 2023 14:41:10 -0700 From: Justin Stitt <justinstitt@...gle.com> To: Jesse Brandeburg <jesse.brandeburg@...el.com> Cc: Tony Nguyen <anthony.l.nguyen@...el.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, intel-wired-lan@...ts.osuosl.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] igbvf: replace deprecated strncpy with strscpy On Tue, Oct 10, 2023 at 2:20 PM Jesse Brandeburg <jesse.brandeburg@...el.com> wrote: > > On 10/10/2023 2:12 PM, Justin Stitt wrote: > > `strncpy` is deprecated for use on NUL-terminated destination strings > > [1] and as such we should prefer more robust and less ambiguous string > > interfaces. > > > > We expect netdev->name to be NUL-terminated based on its usage with > > `strlen` and format strings: > > | if (strlen(netdev->name) < (IFNAMSIZ - 5)) { > > | sprintf(adapter->tx_ring->name, "%s-tx-0", netdev->name); > > > > Moreover, we do not need NUL-padding as netdev is already > > zero-allocated: > > | netdev = alloc_etherdev(sizeof(struct igbvf_adapter)); > > ... > > alloc_etherdev() -> alloc_etherdev_mq() -> alloc_etherdev_mqs() -> > > alloc_netdev_mqs() ... > > | p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); > > > > Considering the above, a suitable replacement is `strscpy` [2] due to > > the fact that it guarantees NUL-termination on the destination buffer > > without unnecessarily NUL-padding. > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@...r.kernel.org > > Signed-off-by: Justin Stitt <justinstitt@...gle.com> > > --- > > Thanks Justin for these patches, please make sure you mark the subject > line as per the netdev rules: > [PATCH net-next v1] etc etc Sure, I'll resend! > > I'd also prefer they came in as part of one series with a good cover > letter, at the very least for the Intel drivers, and you probably could > combine any others (netdev) together up to the 15 patch limit. Got it :) > > Please mention how you found these issues, via automated tool or via > coccinelle script, manual grepping, etc? rg "strncpy\(" > pain.txt > > Thanks, > Jesse >
Powered by blists - more mailing lists