lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181103153925.ozyb4pqnixu6hw4z@holly.lan>
Date:   Sat, 3 Nov 2018 15:39:25 +0000
From:   Daniel Thompson <daniel.thompson@...aro.org>
To:     Olof Johansson <olof@...om.net>
Cc:     Jason Wessel <jason.wessel@...driver.com>,
        linux-kernel@...r.kernel.org, kgdb-bugreport@...ts.sourceforge.net,
        prarit@...hat.com
Subject: Re: [PATCH] kdb: fix strncpy warning

On Fri, Nov 02, 2018 at 02:24:05PM -0700, Olof Johansson wrote:
> kdb does a strncpy(a, b, strlen(b)+1), which makes no sense. Might as
> well do a strcpy at this point.
> 
> Fixes this warning:
> 
> In function 'strncpy', inlined from 'kallsyms_symbol_next' at kernel/debug/kdb/kdb_support.c:239:4:
> ./include/linux/string.h:253:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]

I think we already have a pending patch for this:
https://lore.kernel.org/patchwork/patch/989013/

When we looked into this there actually is an unchecked overflow here so
Prarit's fix adds infrastructure to keep track of the remaining length.


Daniel.


> 
> Signed-off-by: Olof Johansson <olof@...om.net>
> ---
>  kernel/debug/kdb/kdb_support.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/debug/kdb/kdb_support.c b/kernel/debug/kdb/kdb_support.c
> index 990b3cc526c8..d5af8b38b84d 100644
> --- a/kernel/debug/kdb/kdb_support.c
> +++ b/kernel/debug/kdb/kdb_support.c
> @@ -236,7 +236,7 @@ int kallsyms_symbol_next(char *prefix_name, int flag)
>  
>  	while ((name = kdb_walk_kallsyms(&pos))) {
>  		if (strncmp(name, prefix_name, prefix_len) == 0) {
> -			strncpy(prefix_name, name, strlen(name)+1);
> +			strcpy(prefix_name, name);
>  			return 1;
>  		}
>  	}
> -- 
> 2.11.0
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ