lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <169868669554.1993746.6778918340957233673.kvalo@kernel.org> Date: Mon, 30 Oct 2023 17:24:57 +0000 (UTC) From: Kalle Valo <kvalo@...nel.org> To: Justin Stitt <justinstitt@...gle.com> Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, Justin Stitt <justinstitt@...gle.com> Subject: Re: [v2] wifi: airo: replace deprecated strncpy with strscpy_pad Justin Stitt <justinstitt@...gle.com> wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > `extra` is clearly supposed to be NUL-terminated which is evident by the > manual NUL-byte assignment as well as its immediate usage with strlen(). > > Moreover, let's NUL-pad since there is deliberate effort (48 instances) > made elsewhere to zero-out buffers in these getters and setters: > 6050 | memset(local->config.nodeName, 0, sizeof(local->config.nodeName)); > 6130 | memset(local->config.rates, 0, 8); > 6139 | memset(local->config.rates, 0, 8); > 6414 | memset(key.key, 0, MAX_KEY_SIZE); > 6497 | memset(extra, 0, 16); > (to be clear, strncpy also NUL-padded -- we are matching that behavior) > > Considering the above, a suitable replacement is `strscpy_pad` due to > the fact that it guarantees both NUL-termination and NUL-padding on the > destination buffer. > > We can also replace the hard-coded size of "16" to IW_ESSID_MAX_SIZE > because this function is a wext handler. > > In wext-core.c we have: > static const struct iw_ioctl_description standard_ioctl[] = { > ... > [IW_IOCTL_IDX(SIOCGIWNICKN)] = { > .header_type = IW_HEADER_TYPE_POINT, > .token_size = 1, > .max_tokens = IW_ESSID_MAX_SIZE, > }, > > So the buffer size is (strangely) IW_ESSID_MAX_SIZE > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Justin Stitt <justinstitt@...gle.com> > Reviewed-by: Jeff Johnson <quic_jjohnson@...cinc.com> Patch applied to wireless-next.git, thanks. 9beac4ee4928 wifi: airo: replace deprecated strncpy with strscpy_pad -- https://patchwork.kernel.org/project/linux-wireless/patch/20231026-strncpy-drivers-net-wireless-cisco-airo-c-v2-1-413427249e47@google.com/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists