lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <b85a4e54-61c7-45fe-b97d-46338b237a64@quicinc.com> Date: Tue, 24 Oct 2023 16:19:29 -0700 From: Jeff Johnson <quic_jjohnson@...cinc.com> To: Kees Cook <keescook@...omium.org>, Justin Stitt <justinstitt@...gle.com> CC: Kalle Valo <kvalo@...nel.org>, <ath10k@...ts.infradead.org>, <linux-wireless@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH v2] wifi: ath10k: replace deprecated strncpy with memcpy On 10/24/2023 2:34 PM, Kees Cook wrote: > On Tue, Oct 24, 2023 at 05:42:16PM +0000, Justin Stitt wrote: >> strncpy() is deprecated [1] and we should prefer less ambiguous >> interfaces. >> >> In this case, arvif->u.ap.ssid has its length maintained by >> arvif->u.ap.ssid_len which indicates it may not need to be >> NUL-terminated. Make this explicit with __nonstring and use a plain old >> memcpy. >> >> This is also consistent with future copies into arvif->u.ap.ssid: >> >> if (changed & BSS_CHANGED_SSID && >> vif->type == NL80211_IFTYPE_AP) { >> arvif->u.ap.ssid_len = vif->cfg.ssid_len; >> if (vif->cfg.ssid_len) >> memcpy(arvif->u.ap.ssid, vif->cfg.ssid, >> vif->cfg.ssid_len); >> arvif->u.ap.hidden_ssid = info->hidden_ssid; >> } >> >> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] >> Link: https://github.com/KSPP/linux/issues/90 >> Cc: linux-hardening@...r.kernel.org >> Signed-off-by: Justin Stitt <justinstitt@...gle.com> >> --- >> Changes in v2: >> - update subject to include wifi >> - prefer memcpy() over strtomem() (thanks Kalle, Jeff) >> - rebase onto 6.6-rc7 @d88520ad73b79e71 >> - Link to v1: https://lore.kernel.org/r/20231013-strncpy-drivers-net-wireless-ath-ath10k-mac-c-v1-1-24e40201afa3@google.com >> --- >> Note: build-tested only. >> >> Found with: $ rg "strncpy\(" >> --- >> drivers/net/wireless/ath/ath10k/core.h | 2 +- >> drivers/net/wireless/ath/ath10k/mac.c | 3 +-- >> 2 files changed, 2 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h >> index 4b5239de4018..ba9795a8378a 100644 >> --- a/drivers/net/wireless/ath/ath10k/core.h >> +++ b/drivers/net/wireless/ath/ath10k/core.h >> @@ -607,7 +607,7 @@ struct ath10k_vif { >> u8 tim_bitmap[64]; >> u8 tim_len; >> u32 ssid_len; >> - u8 ssid[IEEE80211_MAX_SSID_LEN]; >> + u8 ssid[IEEE80211_MAX_SSID_LEN] __nonstring; >> bool hidden_ssid; >> /* P2P_IE with NoA attribute for P2P_GO case */ >> u32 noa_len; >> diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c >> index 03e7bc5b6c0b..f3f6deb354c6 100644 >> --- a/drivers/net/wireless/ath/ath10k/mac.c >> +++ b/drivers/net/wireless/ath/ath10k/mac.c >> @@ -6125,9 +6125,8 @@ static void ath10k_bss_info_changed(struct ieee80211_hw *hw, >> >> if (ieee80211_vif_is_mesh(vif)) { >> /* mesh doesn't use SSID but firmware needs it */ >> - strncpy(arvif->u.ap.ssid, "mesh", >> - sizeof(arvif->u.ap.ssid)); >> arvif->u.ap.ssid_len = 4; >> + memcpy(arvif->u.ap.ssid, "mesh", arvif->u.ap.ssid_len); > > This is a behavior change, isn't it? i.e. arvif->u.ap.ssid is no longer > zero-padded. Is this actually ok for the driver? yes, it is safe, and consistent with other uses of this field as noted in the commit description.
Powered by blists - more mailing lists