lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Jul 2021 08:37:47 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Len Baker <len.baker@....com>
Cc:     Larry Finger <Larry.Finger@...inger.net>,
        Florian Schilhabel <florian.c.schilhabel@...glemail.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Pavel Skripkin <paskripkin@...il.com>,
        linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging/rtl8712: Remove all strcpy() uses in favor of
 strscpy()

On Sat, Jul 17, 2021 at 05:51:45PM +0200, Len Baker wrote:
> strcpy() performs no bounds checking on the destination buffer. This
> could result in linear overflows beyond the end of the buffer, leading
> to all kinds of misbehaviors. The safe replacement is strscpy().
> 
> Signed-off-by: Len Baker <len.baker@....com>
> ---
>  drivers/staging/rtl8712/os_intfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
> index 2214aca09730..9502f6aa5306 100644
> --- a/drivers/staging/rtl8712/os_intfs.c
> +++ b/drivers/staging/rtl8712/os_intfs.c
> @@ -203,7 +203,7 @@ struct net_device *r8712_init_netdev(void)
>  	if (!pnetdev)
>  		return NULL;
>  	if (dev_alloc_name(pnetdev, ifname) < 0) {
> -		strcpy(ifname, "wlan%d");
> +		strscpy(ifname, "wlan%d", sizeof(ifname));
>  		dev_alloc_name(pnetdev, ifname);

Not related to your patch but this code is bad.  What it does is the
"ifname" can be set as a module parameter.  So instead of testing if it
has been set, it uses the checking inside dev_alloc_name() to see if we
can allocate what the user requested.  If not then set it to "wlan%d".
If we cannot allocate what the user wants then we should return an
error.

It should do:

	if (ifname[0] == '\0')
		strscpy(ifname, "wlan%d", sizeof(ifname));

	ret = dev_alloc_name(pnetdev, ifname);
	if (ret < 0) {
		dev_err(pnetdev, "allocating device name failed.\n");
		return NULL;
	}

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ