lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fa2fd44d-8cd7-b700-2e7b-d88c9c52507d@arm.com>
Date:   Wed, 28 Jul 2021 10:36:09 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     David Laight <David.Laight@...LAB.COM>,
        'Geert Uytterhoeven' <geert@...ux-m68k.org>,
        Len Baker <len.baker@....com>
Cc:     Kees Cook <keescook@...omium.org>, Andy Gross <agross@...nel.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Magnus Damm <magnus.damm@...il.com>,
        Santosh Shilimkar <ssantosh@...nel.org>,
        "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] drivers/soc: Remove all strcpy() uses in favor of
 strscpy()

On 2021-07-28 09:36, David Laight wrote:
> From: Geert Uytterhoeven
>> Sent: 26 July 2021 09:03
>>
>> Hi Len,
>>
>> On Sun, Jul 25, 2021 at 5:15 PM Len Baker <len.baker@....com> wrote:
>>> strcpy() performs no bounds checking on the destination buffer. This
>>> could result in linear overflows beyond the end of the buffer, leading
>>> to all kinds of misbehaviors. The safe replacement is strscpy().
>>>
>>> Signed-off-by: Len Baker <len.baker@....com>
>>
>> Thanks for your patch!
>>
>>> ---
>>> This is a task of the KSPP [1]
>>>
>>> [1] https://github.com/KSPP/linux/issues/88
>>
>> Any chance the almost one year old question in that ticket can be
>> answered?
>>
>>>   drivers/soc/renesas/rcar-sysc.c     |  6 ++++--
>>
>> Reviewed-by: Geert Uytterhoeven <geert+renesas@...der.be>
>>
>> But please see my comments below...
>>
>>> --- a/drivers/soc/renesas/r8a779a0-sysc.c
>>> +++ b/drivers/soc/renesas/r8a779a0-sysc.c
>>> @@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void)
>>>          for (i = 0; i < info->num_areas; i++) {
>>>                  const struct r8a779a0_sysc_area *area = &info->areas[i];
>>>                  struct r8a779a0_sysc_pd *pd;
>>> +               size_t area_name_size;
>>
>> I wouldn't mind a shorter name, like "n".
>>
>>>
>>>                  if (!area->name) {
>>>                          /* Skip NULLified area */
>>>                          continue;
>>>                  }
>>>
>>> -               pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
>>> +               area_name_size = strlen(area->name) + 1;
>>> +               pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL);
>>>                  if (!pd) {
>>>                          error = -ENOMEM;
>>>                          goto out_put;
>>>                  }
>>>
>>> -               strcpy(pd->name, area->name);
>>> +               strscpy(pd->name, area->name, area_name_size);
> 
> You can just use memcpy().

Indeed. In fact I'd go as far as saying that it might be worth teaching 
static checkers to recognise patterns that boil down to strscpy(dst, 
src, strlen(src) + 1) and flag them as suspect, because AFAICS that 
would always represent either an unnecessarily elaborate memcpy(), or 
far worse just an obfuscated strcpy().

Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ