lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com>
Date:   Sat, 13 Nov 2021 22:22:32 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Arnd Bergmann <arnd@...db.de>
CC:     <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
        Pavel Machek <pavel@....cz>
Subject: drivers/leds/led-class-flash.c:210:16: warning: Call to function
 'strcat' is insecure as it does not provide bounding of the memory buffer.
 Replace unbounded copy functions with analogous functions that support length
 arguments such as 'strlcat'. CWE-119 ...

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date:   6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
         git fetch --no-tags linus master
         git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
            return strlen(strcat(buf, "\n"));
                          ^~~~~~


vim +210 drivers/leds/led-class-flash.c

7aea8389a77abf9 Jacek Anaszewski 2015-01-09  185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  186  static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  187  		struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  188  {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  189  	struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  190  	struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  191  	u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  192  	char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  193  	int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  195  	ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  196  	if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  197  		return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  199  	*buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  201  	for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  202  		if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  203  			buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  204  					  led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  205  			pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  206  		}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  207  		mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  208  	}
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  209
811b5440c6e4998 Arnd Bergmann    2021-09-27 @210  	return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  211  }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  212  static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09  213

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (37198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ