| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHP4M8VAhcTysoBRfNQSiN3fTY6GK9fTz5+hzvzoEuNfC+9CHQ@mail.gmail.com>
Date: Mon, 15 Nov 2021 12:39:15 +0530
From: Ajay Garg <ajaygargnsit@...il.com>
To: Bean Huo <huobean@...il.com>
Cc: ulf.hansson@...aro.org, adrian.hunter@...el.com,
linux-mmc@...r.kernel.org, linux-kernel@...r.kernel.org,
beanhuo@...ron.com
Subject: Re: [PATCH v1 1/2] mmc-utils: Use memcpy instead of strncpy
Hi Bean.
> - strncpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8);
> + memcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8);
> + lbuf[8] = '\0';
Above copies exactly 8 bytes, without any regard to the sizes of
destination-buffer (lbuf) or source-buffer (ext_csd). Thus, there are
high chances of overflow/underflow/out-of-bounds.
If ext_csd contains, say a string 5 characters long, you would want to
copy 6 characters (5 for length, 1 for null-terminator).
I guess you are trying to copy as-many-bytes as possible to lbuf,
including the null-character.
Thus, strlcpy/strscpy should be used here.
Something like :
strlcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], sizeof(lbuf));
or
strscpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], sizeof(lbuf));
Note that you do not need to worry about putting the null-terminator.
strlcpy/strscpy already take care of that for you.
Thanks and Regards,
Ajay
Powered by blists - more mailing lists