lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Nov 2023 10:59:45 +0100 From: Christian König <christian.koenig@....com> To: "T.J. Mercier" <tjmercier@...gle.com>, Kees Cook <keescook@...omium.org> Cc: Sumit Semwal <sumit.semwal@...aro.org>, linux-kernel@...r.kernel.org, dri-devel@...ts.freedesktop.org, Azeem Shaikh <azeemshaikh38@...il.com>, linaro-mm-sig@...ts.linaro.org, linux-hardening@...r.kernel.org, linux-media@...r.kernel.org Subject: Re: [PATCH] dma-buf: Replace strlcpy() with strscpy() Am 17.11.23 um 19:50 schrieb T.J. Mercier: > On Thu, Nov 16, 2023 at 11:14 AM Kees Cook <keescook@...omium.org> wrote: >> strlcpy() reads the entire source buffer first. This read may exceed >> the destination size limit. This is both inefficient and can lead >> to linear read overflows if a source string is not NUL-terminated[1]. >> Additionally, it returns the size of the source string, not the >> resulting size of the destination string. In an effort to remove strlcpy() >> completely[2], replace strlcpy() here with strscpy(). >> >> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1] >> Link: https://github.com/KSPP/linux/issues/89 [2] >> Cc: Sumit Semwal <sumit.semwal@...aro.org> >> Cc: "Christian König" <christian.koenig@....com> >> Cc: Azeem Shaikh <azeemshaikh38@...il.com> >> Cc: linux-media@...r.kernel.org >> Cc: dri-devel@...ts.freedesktop.org >> Cc: linaro-mm-sig@...ts.linaro.org >> Signed-off-by: Kees Cook <keescook@...omium.org> > Reviewed-by: T.J. Mercier <tjmercier@...gle.com> > > strscpy returns -E2BIG when it truncates / force null-terminates which > would provide the wrong argument for dynamic_dname, but > dma_buf_set_name{_user} makes sure we have a null-terminated string of > the appropriate maximum size in dmabuf->name. Thanks for that background check, I was about to note that this might not be a good idea. Linus pretty clearly stated that he doesn't want to see patches like that one here, see this article as well. https://lwn.net/Articles/659214/ I think the commit message gives enough reason to merge the patch, so I'm going to push it to drm-misc-next. But please make sure to triple check stuff like this before sending. Thanks, Christian.
Powered by blists - more mailing lists