Message-ID: <CAGXu5jLdKk+WBhPLfZoQbbXqh7nsRftu-nJrvDs7KLdcs6knxg@mail.gmail.com>
Date: Wed, 6 Dec 2017 15:09:20 -0800
From: Kees Cook <keescook@...omium.org>
To: Ingo Molnar <mingo@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>, Alexander Viro <viro@...iv.linux.org.uk>,
    Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
    Serge Hallyn <serge@...lyn.com>, James Morris <james.l.morris@...cle.com>,
    Andrew Morton <akpm@...ux-foundation.org>, Aleksa Sarai <asarai@...e.de>,
    "Eric W. Biederman" <ebiederm@...ssion.com>,
    Frederic Weisbecker <frederic@...nel.org>,
    Thomas Gleixner <tglx@...utronix.de>,
    "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
    LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] exec: avoid gcc-8 warning for get_task_comm

On Wed, Dec 6, 2017 at 9:49 AM, Ingo Molnar <mingo@...nel.org> wrote:
>
> * Arnd Bergmann <arnd@...db.de> wrote:
>
>> gcc-8 warns about using strncpy() with the source size as the limit:
>>
>> fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]
>>
>> This is indeed slightly suspicious, as it protects us from source
>> arguments without NUL-termination, but does not guarantee that the
>> destination is terminated.
>>
>> This keeps the strncpy() to ensure we have properly padded target buffer,
>> but ensures that we use the correct length, by passing the actual length
>> of the destination buffer as well as adding a build-time check to ensure
>> it is exactly TASK_COMM_LEN. There are only 23 call sites, all of which I
>> reviewed to ensure this is currently the case. We could get away with
>> doing only the check or passing the right length, but it doesn't hurt
>> to do both.
>>
>> Suggested-by: Kees Cook <keescook@...omium.org>
>> Signed-off-by: Arnd Bergmann <arnd@...db.de>
>
> Looks useful.
>
> Acked-by: Ingo Molnar <mingo@...nel.org>

Ingo, can you take this into -tip, or should this go via -mm or some
other tree?

-Kees

--
Kees Cook
Pixel Security
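
The approach the quoted commit message describes (keep strncpy() for padding, pass the destination length, and check at build time that the buffer is exactly TASK_COMM_LEN), shown as a userspace C sketch. This is an added example, not the kernel patch or code from this thread; struct task, copy_comm() and get_comm() are hypothetical names, and forcing the final NUL byte is this example's own choice.

```c
#include <stddef.h>
#include <string.h>

#define TASK_COMM_LEN 16 /* size of the name field, as in the commit message */

/* Hypothetical stand-in for the task structure; only the name matters here. */
struct task { char comm[TASK_COMM_LEN]; };

/* Limit is the DESTINATION size. strncpy() zero-fills the remainder of dst,
 * so no stale bytes survive; the last byte is forced to NUL (this example's
 * choice) so dst is a valid string even if src->comm is unterminated. */
static char *copy_comm(char *dst, size_t dst_size, const struct task *src)
{
    strncpy(dst, src->comm, dst_size);
    dst[dst_size - 1] = '\0';
    return dst;
}

/* Build-time check: the negative array size stops compilation unless buf is
 * an array of exactly TASK_COMM_LEN bytes (a char * fails the check too). */
#define get_comm(buf, t) \
    ((void)sizeof(char[sizeof(buf) == TASK_COMM_LEN ? 1 : -1]), \
     copy_comm((buf), sizeof(buf), (t)))

/* Constructed input: a name field with no NUL. Returns resulting strlen(). */
static size_t len_from_unterminated_source(void)
{
    struct task t;
    char out[TASK_COMM_LEN];
    memset(t.comm, 'A', sizeof(t.comm));
    memset(out, 0x5a, sizeof(out));
    return strlen(get_comm(out, &t));
}

/* Constructed input: short name copied over stale data. Returns the number
 * of non-zero bytes left after the name (0 means fully padded). */
static size_t stale_bytes_after_short_name(void)
{
    struct task t = { .comm = "sh" };
    char out[TASK_COMM_LEN];
    size_t i, stale = 0;
    memset(out, 0x5a, sizeof(out));
    get_comm(out, &t);
    for (i = strlen(out); i < sizeof(out); i++)
        stale += (out[i] != 0);
    return stale;
}
```

Declaring the destination as char out[8], or passing a char *, makes the get_comm() line fail to compile, which is the mismatch the build-time check is there to catch.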