lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 15 Sep 2014 00:13:31 +0200
From:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
To:	"Elliott, Robert (Server Storage)" <Elliott@...com>
Cc:	"James E.J. Bottomley" <JBottomley@...allels.com>,
	"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] scsi: scsi_devinfo.c: Cleaning up unnecessarily
 complicated in conjunction with strncpy

2014-09-14 23:34 GMT+02:00 Elliott, Robert (Server Storage) <Elliott@...com>:
>
>
>> -----Original Message-----
>> From: linux-scsi-owner@...r.kernel.org [mailto:linux-scsi-
>> owner@...r.kernel.org] On Behalf Of Rickard Strandqvist
> ...
>> diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
> ...
>>  static void scsi_strcpy_devinfo(char *name, char *to, size_t to_length,
>>                               char *from, int compatible)
>>  {
>> -     size_t from_length;
>> -
>> -     from_length = strlen(from);
>> -     strncpy(to, from, min(to_length, from_length));
>> -     if (from_length < to_length) {
>> -             if (compatible) {
>> -                     /*
>> -                      * NUL terminate the string if it is short.
>> -                      */
>> -                     to[from_length] = '\0';
>> -             } else {
>> -                     /*
>> -                      * space pad the string if it is short.
>> -                      */
>> -                     strncpy(&to[from_length], spaces,
>> -                             to_length - from_length);
>> -             }
>> -     }
>> -     if (from_length > to_length)
>> -              printk(KERN_WARNING "%s: %s string '%s' is too long\n",
>> +     strncpy(to, from, to_length);
>> +     if (to[to_length - 1] != '\0') {
>> +             to[to_length - 1] = '\0';
>> +             printk(KERN_WARNING "%s: %s string '%s' is too long\n",
>>                       __func__, name, from);
>> +     }
>
> The caller of this function, scsi_dev_info_list_add_keyed, created
> the "to" destination buffer, devinfo, with kmalloc, so it's not
> guaranteed to be full of zeros.
>
> If from_length is shorter than to_length, then this code will
> be inspecting an uninitialized character that strncpy didn't
> touch.
>
> ---
> Rob Elliott    HP Server Storage
>

Hi Elliott

How do you mean?

strncpy zeroes throughout the remainder of the string "from" until the
length off to_length, or otherwise guaranteed trailing zero characters
and a warning is printed.

Is not it exactly the functionality that is desired?

Kind regards
Rickard Strandqvist
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists