| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Jan 2022 15:24:09 -0800
From: Kees Cook <keescook@...omium.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Kees Cook <keescook@...omium.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Arnd Bergmann <arnd@...db.de>,
Jiri Prchal <jiri.prchal@...ignal.cz>,
Ralph Siemsen <ralph.siemsen@...aro.org>,
Mark Brown <broonie@...nel.org>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH] eeprom: at25: Restore missing allocation
Building under CONFIG_FORTIFY_SOURCE=y and -Warray-bounds complained about
strncpy() being used against an empty object. It turns out this was due to
the at25 allocation going missing during a conflict resolution. Restore
this, and while we're here take the opportunity to do another strncpy()
replacement, since it's use is deprecated[1].
Seen as:
In function 'strncpy',
inlined from 'at25_fw_to_chip.constprop' at drivers/misc/eeprom/at25.c:312:2:
./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
48 | #define __underlying_strncpy __builtin_strncpy
| ^
./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
59 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
inlined from 'at25_fram_to_chip' at drivers/misc/eeprom/at25.c:373:2,
inlined from 'at25_probe' at drivers/misc/eeprom/at25.c:453:10:
./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
48 | #define __underlying_strncpy __builtin_strncpy
| ^
./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
59 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
Fixes: af40d16042d6 ("Merge v5.15-rc5 into char-misc-next")
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Jiri Prchal <jiri.prchal@...ignal.cz>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
drivers/misc/eeprom/at25.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/misc/eeprom/at25.c b/drivers/misc/eeprom/at25.c
index c3305bdda69c..1a19fa5728c8 100644
--- a/drivers/misc/eeprom/at25.c
+++ b/drivers/misc/eeprom/at25.c
@@ -309,7 +309,7 @@ static int at25_fw_to_chip(struct device *dev, struct spi_eeprom *chip)
u32 val;
int err;
- strncpy(chip->name, "at25", sizeof(chip->name));
+ strscpy(chip->name, "at25", sizeof(chip->name));
err = device_property_read_u32(dev, "size", &val);
if (err)
@@ -370,7 +370,7 @@ static int at25_fram_to_chip(struct device *dev, struct spi_eeprom *chip)
u8 id[FM25_ID_LEN];
int i;
- strncpy(chip->name, "fm25", sizeof(chip->name));
+ strscpy(chip->name, "fm25", sizeof(chip->name));
/* Get ID of chip */
fm25_aux_read(at25, id, FM25_RDID, FM25_ID_LEN);
@@ -440,6 +440,10 @@ static int at25_probe(struct spi_device *spi)
return -ENXIO;
}
+ at25 = devm_kzalloc(&spi->dev, sizeof(struct at25_data), GFP_KERNEL);
+ if (!at25)
+ return -ENOMEM;
+
mutex_init(&at25->lock);
at25->spi = spi;
spi_set_drvdata(spi, at25);
--
2.30.2
Powered by blists - more mailing lists