lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20140811175136.GB26362@psi-dev26.jf.intel.com>
Date:	Mon, 11 Aug 2014 10:51:36 -0700
From:	David Cohen <david.a.cohen@...ux.intel.com>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	Kuppuswamy Sathyanarayanan 
	<sathyanarayanan.kuppuswamy@...ux.intel.com>,
	Fei Yang <fei.yang@...el.com>,
	Fengguang Wu <fengguang.wu@...el.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arch: x86: platform: intel-mid: sfi.c:  Cleaning up
 missing null-terminate in conjunction with strncpy

On Mon, Aug 11, 2014 at 09:57:39AM -0700, David Cohen wrote:
> Hi Rickard,
> 
> Sorry for the late reply. Just came back from vacation :)
> 
> On Sun, Jul 27, 2014 at 12:26:58AM +0200, Rickard Strandqvist wrote:
> > If you are going to use memset before strncpy you must copy sizeof -1
> 
> I agree it is way safer to not reply on firmware to have the null
> terminator in place. But can you provide a better patch description? :)
> It would be better if it is not a line addressed directly to the author.
> Please refer the null terminator concern too.

Guess my brain is not fully back from vacation after all :)
The patch subject mentions the null terminator.

Patch looks fine.

> 
> Br, David
> 
> > 
> > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>

Acked-by: David Cohen <david.a.cohen@...ux.intel.com>

> > ---
> >  arch/x86/platform/intel-mid/sfi.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/x86/platform/intel-mid/sfi.c b/arch/x86/platform/intel-mid/sfi.c
> > index 994c40b..97e79c9 100644
> > --- a/arch/x86/platform/intel-mid/sfi.c
> > +++ b/arch/x86/platform/intel-mid/sfi.c
> > @@ -359,7 +359,7 @@ static void __init sfi_handle_spi_dev(struct sfi_device_table_entry *pentry,
> >  	void *pdata = NULL;
> >  
> >  	memset(&spi_info, 0, sizeof(spi_info));
> > -	strncpy(spi_info.modalias, pentry->name, SFI_NAME_LEN);
> > +	strncpy(spi_info.modalias, pentry->name, sizeof(spi_info.modalias) - 1);
> >  	spi_info.irq = ((pentry->irq == (u8)0xff) ? 0 : pentry->irq);
> >  	spi_info.bus_num = pentry->host_num;
> >  	spi_info.chip_select = pentry->addr;
> > @@ -389,7 +389,7 @@ static void __init sfi_handle_i2c_dev(struct sfi_device_table_entry *pentry,
> >  	void *pdata = NULL;
> >  
> >  	memset(&i2c_info, 0, sizeof(i2c_info));
> > -	strncpy(i2c_info.type, pentry->name, SFI_NAME_LEN);
> > +	strncpy(i2c_info.type, pentry->name, sizeof(i2c_info.type) - 1);
> >  	i2c_info.irq = ((pentry->irq == (u8)0xff) ? 0 : pentry->irq);
> >  	i2c_info.addr = pentry->addr;
> >  	pr_debug("I2C bus = %d, name = %16.16s, irq = 0x%2x, addr = 0x%x\n",
> > -- 
> > 1.7.10.4
> > 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ