lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 11 Aug 2014 09:57:39 -0700
From:	David Cohen <david.a.cohen@...ux.intel.com>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	Kuppuswamy Sathyanarayanan 
	<sathyanarayanan.kuppuswamy@...ux.intel.com>,
	Fei Yang <fei.yang@...el.com>,
	Fengguang Wu <fengguang.wu@...el.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arch: x86: platform: intel-mid: sfi.c:  Cleaning up
 missing null-terminate in conjunction with strncpy

Hi Rickard,

Sorry for the late reply. Just came back from vacation :)

On Sun, Jul 27, 2014 at 12:26:58AM +0200, Rickard Strandqvist wrote:
> If you are going to use memset before strncpy you must copy sizeof -1

I agree it is way safer to not reply on firmware to have the null
terminator in place. But can you provide a better patch description? :)
It would be better if it is not a line addressed directly to the author.
Please refer the null terminator concern too.

Br, David

> 
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
> ---
>  arch/x86/platform/intel-mid/sfi.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/platform/intel-mid/sfi.c b/arch/x86/platform/intel-mid/sfi.c
> index 994c40b..97e79c9 100644
> --- a/arch/x86/platform/intel-mid/sfi.c
> +++ b/arch/x86/platform/intel-mid/sfi.c
> @@ -359,7 +359,7 @@ static void __init sfi_handle_spi_dev(struct sfi_device_table_entry *pentry,
>  	void *pdata = NULL;
>  
>  	memset(&spi_info, 0, sizeof(spi_info));
> -	strncpy(spi_info.modalias, pentry->name, SFI_NAME_LEN);
> +	strncpy(spi_info.modalias, pentry->name, sizeof(spi_info.modalias) - 1);
>  	spi_info.irq = ((pentry->irq == (u8)0xff) ? 0 : pentry->irq);
>  	spi_info.bus_num = pentry->host_num;
>  	spi_info.chip_select = pentry->addr;
> @@ -389,7 +389,7 @@ static void __init sfi_handle_i2c_dev(struct sfi_device_table_entry *pentry,
>  	void *pdata = NULL;
>  
>  	memset(&i2c_info, 0, sizeof(i2c_info));
> -	strncpy(i2c_info.type, pentry->name, SFI_NAME_LEN);
> +	strncpy(i2c_info.type, pentry->name, sizeof(i2c_info.type) - 1);
>  	i2c_info.irq = ((pentry->irq == (u8)0xff) ? 0 : pentry->irq);
>  	i2c_info.addr = pentry->addr;
>  	pr_debug("I2C bus = %d, name = %16.16s, irq = 0x%2x, addr = 0x%x\n",
> -- 
> 1.7.10.4
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists