| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0b945372-7694-c29a-41ea-3ce28d51fc22@intel.com>
Date: Sat, 13 Nov 2021 22:22:32 +0800
From: kernel test robot <yujie.liu@...el.com>
To: Arnd Bergmann <arnd@...db.de>
CC: <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
Pavel Machek <pavel@....cz>
Subject: drivers/leds/led-class-flash.c:210:16: warning: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119 ...
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: fe91c4725aeed35023ba4f7a1e1adfebb6878c23
commit: 811b5440c6e4998755990fd2c1455f42f3aae3b0 led-class-flash: fix -Wrestrict warning
date: 6 weeks ago
config: i386-randconfig-c001-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=811b5440c6e4998755990fd2c1455f42f3aae3b0
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 811b5440c6e4998755990fd2c1455f42f3aae3b0
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
clang-analyzer warnings: (new ones prefixed by >>)
>> drivers/leds/led-class-flash.c:210:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
return strlen(strcat(buf, "\n"));
^~~~~~
vim +210 drivers/leds/led-class-flash.c
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 185
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 186 static ssize_t flash_fault_show(struct device *dev,
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 187 struct device_attribute *attr, char *buf)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 188 {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 189 struct led_classdev *led_cdev = dev_get_drvdata(dev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 190 struct led_classdev_flash *fled_cdev = lcdev_to_flcdev(led_cdev);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 191 u32 fault, mask = 0x1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 192 char *pbuf = buf;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 193 int i, ret, buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 194
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 195 ret = led_get_flash_fault(fled_cdev, &fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 196 if (ret < 0)
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 197 return -EINVAL;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 198
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 199 *buf = '\0';
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 200
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 201 for (i = 0; i < LED_NUM_FLASH_FAULTS; ++i) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 202 if (fault & mask) {
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 203 buf_len = sprintf(pbuf, "%s ",
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 204 led_flash_fault_names[i]);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 205 pbuf += buf_len;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 206 }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 207 mask <<= 1;
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 208 }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 209
811b5440c6e4998 Arnd Bergmann 2021-09-27 @210 return strlen(strcat(buf, "\n"));
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 211 }
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 212 static DEVICE_ATTR_RO(flash_fault);
7aea8389a77abf9 Jacek Anaszewski 2015-01-09 213
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (37198 bytes)
Powered by blists - more mailing lists