lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHp75VdqK7h63fz-cPaQ2MGaVdaR2f1Fb5kKCZidUG3RwLsAVA@mail.gmail.com>
Date:   Sat, 8 Jan 2022 13:36:12 +0200
From:   Andy Shevchenko <andy.shevchenko@...il.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Arnd Bergmann <arnd@...db.de>,
        Jiri Prchal <jiri.prchal@...ignal.cz>,
        Ralph Siemsen <ralph.siemsen@...aro.org>,
        Mark Brown <broonie@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] eeprom: at25: Restore missing allocation

On Sat, Jan 8, 2022 at 1:01 PM Kees Cook <keescook@...omium.org> wrote:
>
> Building under CONFIG_FORTIFY_SOURCE=y and -Warray-bounds complained about
> strncpy() being used against an empty object. It turns out this was due to
> the at25 allocation going missing during a conflict resolution. Restore
> this, and while we're here take the opportunity to do another strncpy()
> replacement, since it's use is deprecated[1].
>
> Seen as:
>
> In function 'strncpy',
>     inlined from 'at25_fw_to_chip.constprop' at drivers/misc/eeprom/at25.c:312:2:
> ./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
>    48 | #define __underlying_strncpy    __builtin_strncpy
>       |                                 ^
> ./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
>    59 |         return __underlying_strncpy(p, q, size);
>       |                ^~~~~~~~~~~~~~~~~~~~
> In function 'strncpy',
>     inlined from 'at25_fram_to_chip' at drivers/misc/eeprom/at25.c:373:2,
>     inlined from 'at25_probe' at drivers/misc/eeprom/at25.c:453:10:
> ./include/linux/fortify-string.h:48:33: warning: '__builtin_strncpy' offset [0, 9] is out of the bounds [0, 0] [-Warray-bounds]
>    48 | #define __underlying_strncpy    __builtin_strncpy
>       |                                 ^
> ./include/linux/fortify-string.h:59:16: note: in expansion of macro '__underlying_strncpy'
>    59 |         return __underlying_strncpy(p, q, size);
>       |                ^~~~~~~~~~~~~~~~~~~~
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings

Thanks!
With or without the below comment being addressed
Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com>

> Fixes: af40d16042d6 ("Merge v5.15-rc5 into char-misc-next")
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> Cc: Arnd Bergmann <arnd@...db.de>
> Cc: Jiri Prchal <jiri.prchal@...ignal.cz>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
>  drivers/misc/eeprom/at25.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/misc/eeprom/at25.c b/drivers/misc/eeprom/at25.c
> index c3305bdda69c..1a19fa5728c8 100644
> --- a/drivers/misc/eeprom/at25.c
> +++ b/drivers/misc/eeprom/at25.c
> @@ -309,7 +309,7 @@ static int at25_fw_to_chip(struct device *dev, struct spi_eeprom *chip)
>         u32 val;
>         int err;
>
> -       strncpy(chip->name, "at25", sizeof(chip->name));
> +       strscpy(chip->name, "at25", sizeof(chip->name));
>
>         err = device_property_read_u32(dev, "size", &val);
>         if (err)
> @@ -370,7 +370,7 @@ static int at25_fram_to_chip(struct device *dev, struct spi_eeprom *chip)
>         u8 id[FM25_ID_LEN];
>         int i;
>
> -       strncpy(chip->name, "fm25", sizeof(chip->name));
> +       strscpy(chip->name, "fm25", sizeof(chip->name));
>
>         /* Get ID of chip */
>         fm25_aux_read(at25, id, FM25_RDID, FM25_ID_LEN);
> @@ -440,6 +440,10 @@ static int at25_probe(struct spi_device *spi)
>                 return -ENXIO;
>         }
>
> +       at25 = devm_kzalloc(&spi->dev, sizeof(struct at25_data), GFP_KERNEL);

I would use sizeof(*at25) but I think you restored the exact context.

> +       if (!at25)
> +               return -ENOMEM;
> +
>         mutex_init(&at25->lock);
>         at25->spi = spi;
>         spi_set_drvdata(spi, at25);
> --
> 2.30.2
>


-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ