| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK8P3a07SOgW0rKPcv2wjqUShtnO_rrRYbTC=FCuiGTDtkdPvw@mail.gmail.com>
Date: Tue, 14 Jul 2020 11:01:35 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Lee Jones <lee.jones@...aro.org>
Cc: gregkh <gregkh@...uxfoundation.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Rodolfo Giometti <giometti@...eenne.com>,
"Eurotech S.p.A" <info@...otech.it>,
Geert Uytterhoeven <geert+renesas@...der.be>
Subject: Re: [PATCH 1/1] misc: c2port: core: Make copying name from userspace
more secure
On Tue, Jul 14, 2020 at 10:33 AM Lee Jones <lee.jones@...aro.org> wrote:
>
> Currently the 'c2dev' device data is not zeroed when its allocated.
> Coupled with the fact strncpy() *may not* provide a NUL terminator
> means that a 1-byte leak would be possible *if* this was ever copied
> to userspace.
>
> To prevent such a failing, let's first ensure the 'c2dev' device data
> area is fully zeroed out and ensure the buffer will always be NUL
> terminated by using the kernel's strscpy() which a) uses the
> destination (instead of the source) size as the bytes to copy and b)
> is *always* NUL terminated.
>
> Cc: Rodolfo Giometti <giometti@...eenne.com>
> Cc: "Eurotech S.p.A" <info@...otech.it>
> Reported-by: Geert Uytterhoeven <geert+renesas@...der.be>
> Signed-off-by: Lee Jones <lee.jones@...aro.org>
Acked-by: Arnd Bergmann <arnd@...db.de>
Powered by blists - more mailing lists