| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ff02ffffdc130a772c01ec0edbf8d1e684b0730a.camel@perches.com>
Date: Sat, 07 Aug 2021 10:09:35 -0700
From: Joe Perches <joe@...ches.com>
To: Len Baker <len.baker@....com>, Borislav Petkov <bp@...en8.de>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Tony Luck <tony.luck@...el.com>,
James Morse <james.morse@....com>,
Robert Richter <rric@...nel.org>
Cc: Kees Cook <keescook@...omium.org>, linux-hardening@...r.kernel.org,
linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] drivers/edac/edac_mc: Remove all strcpy() uses
On Sat, 2021-08-07 at 17:59 +0200, Len Baker wrote:
> strcpy() performs no bounds checking on the destination buffer. This
> could result in linear overflows beyond the end of the buffer, leading
> to all kinds of misbehaviors. The safe replacement is strscpy().
Probably better to change the commit subject to something like
what is generally used by the subsystem.
Maybe:
EDAC/mc: Convert strcpy to strscpy
or
EDAC/mc: Prefer strscpy over strcpy
and also:
> diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
[]
> @@ -1113,11 +1115,11 @@ void edac_mc_handle_error(const enum hw_event_mc_err_type type,
> p = e->label;
> *p = '\0';
> } else {
> - if (p != e->label) {
> - strcpy(p, OTHER_LABEL);
> - p += strlen(OTHER_LABEL);
> - }
> - strcpy(p, dimm->label);
> + const char *text = (p != e->label) ? OTHER_LABEL :
> + dimm->label;
> +
> + strscpy(p, text, len);
> + len -= strlen(p);
> p += strlen(p);
Perhaps this should use scnprintf rather than strscpy
Something like:
n += scnprintf(buf + n, len - n, "%s",
p == e->label ? dim->label : OTHER_LABEL);
Powered by blists - more mailing lists