lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 3 Nov 2018 09:54:22 -0700
From:   Olof Johansson <olof@...om.net>
To:     Daniel Thompson <daniel.thompson@...aro.org>
Cc:     Jason Wessel <jason.wessel@...driver.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        kgdb-bugreport@...ts.sourceforge.net, prarit@...hat.com
Subject: Re: [PATCH] kdb: fix strncpy warning

On Sat, Nov 3, 2018 at 8:39 AM Daniel Thompson
<daniel.thompson@...aro.org> wrote:
>
> On Fri, Nov 02, 2018 at 02:24:05PM -0700, Olof Johansson wrote:
> > kdb does a strncpy(a, b, strlen(b)+1), which makes no sense. Might as
> > well do a strcpy at this point.
> >
> > Fixes this warning:
> >
> > In function 'strncpy', inlined from 'kallsyms_symbol_next' at kernel/debug/kdb/kdb_support.c:239:4:
> > ./include/linux/string.h:253:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
>
> I think we already have a pending patch for this:
> https://lore.kernel.org/patchwork/patch/989013/
>
> When we looked into this there actually is an unchecked overflow here so
> Prarit's fix adds infrastructure to keep track of the remaining length.

I'm not surprised that there are more bugs.

The above patch was posted a month and a half ago though, why is it
not yet merged? Can we get it in by -rc2, please?


-Olof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ