| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200210144512.180348-3-salyzyn@android.com>
Date: Mon, 10 Feb 2020 06:45:03 -0800
From: Mark Salyzyn <salyzyn@...roid.com>
To: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com, Mark Salyzyn <salyzyn@...roid.com>,
"Theodore Ts'o" <tytso@....edu>, Kees Cook <keescook@...omium.org>
Subject: [PATCH 2/4 v2] init: boot_command_line can be truncated
boot_command_line may be truncated, use strnlen, strnstr and strlcpy
to handle it.
Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>
Cc: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com
Cc: "Theodore Ts'o" <tytso@....edu>
Cc: Kees Cook <keescook@...omium.org>
---
init/main.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/init/main.c b/init/main.c
index a58b72c9433e7..9f4ce0356057e 100644
--- a/init/main.c
+++ b/init/main.c
@@ -536,7 +536,7 @@ static void __init setup_command_line(char *command_line)
if (extra_init_args)
ilen = strlen(extra_init_args) + strlen(argsep_str);
- len = xlen + strlen(boot_command_line) + 1;
+ len = xlen + strnlen(boot_command_line, sizeof(boot_command_line)) + 1;
saved_command_line = memblock_alloc(len + ilen, SMP_CACHE_BYTES);
if (!saved_command_line)
@@ -555,7 +555,7 @@ static void __init setup_command_line(char *command_line)
strcpy(saved_command_line, extra_command_line);
strcpy(static_command_line, extra_command_line);
}
- strcpy(saved_command_line + xlen, boot_command_line);
+ strlcpy(saved_command_line + xlen, boot_command_line, len - xlen);
strcpy(static_command_line + xlen, command_line);
if (ilen) {
@@ -565,7 +565,8 @@ static void __init setup_command_line(char *command_line)
* to init.
*/
len = strlen(saved_command_line);
- if (!strstr(boot_command_line, argsep_str)) {
+ if (!strnstr(boot_command_line, argsep_str,
+ sizeof(boot_command_line))) {
strcpy(saved_command_line + len, argsep_str);
len += strlen(argsep_str);
} else
@@ -669,7 +670,7 @@ void __init parse_early_param(void)
return;
/* All fall through to do_early_param. */
- strlcpy(tmp_cmdline, boot_command_line, COMMAND_LINE_SIZE);
+ strlcpy(tmp_cmdline, boot_command_line, sizeof(boot_command_line));
parse_early_options(tmp_cmdline);
done = 1;
}
--
2.25.0.341.g760bfbb309-goog
Powered by blists - more mailing lists