| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Nov 2018 12:55:44 +0100
From: David Herrmann <dh.herrmann@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: labbott@...hat.com,
"open list:HID CORE LAYER" <linux-input@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Jiri Kosina <jikos@...nel.org>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
xiongfeng.wang@...aro.org
Subject: Re: [PATCH] Revert "HID: uhid: use strlcpy() instead of strncpy()"
Hi
On Thu, Nov 15, 2018 at 12:09 AM Kees Cook <keescook@...omium.org> wrote:
> On Wed, Nov 14, 2018 at 9:40 AM, Laura Abbott <labbott@...hat.com> wrote:
[...]
> > Can we switch to strscpy instead? This will quiet gcc and avoid the
> > issues with strlcpy.
>
> Yes please: it looks like these strings are expected to be NUL
> terminated, so strscpy() without the "- 1" and min() logic would be
> the correct solution here.
"the correct solution"? To my knowledge the original code was correct
as well. Am I missing something?
> If @hid is already zero, then this would
> just be:
>
> strscpy(hid->name, ev->u.create2.name, sizeof(hid->name));
> strscpy(hid->phys, ev->u.create2.phys, sizeof(hid->phys));
> strscpy(hid->uniq, ev->u.create2.uniq, sizeof(hid->uniq));
>
> If they are NOT NUL terminated, then keep using strncpy() but mark the
> fields in the struct with the __nonstring attribute.
They are supposed to be NUL terminated, but for compatibility reasons
we allow them to be not. So I don't think your proposal is safe.
Thanks
David
Powered by blists - more mailing lists