| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Feb 2022 12:25:48 -0800
From: Kees Cook <keescook@...omium.org>
To: Muhammad Usama Anjum <usama.anjum@...labora.com>
Cc: Kees Cook <keescook@...omium.org>, Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: [PATCH] lkdtm/fortify: Swap memcpy() for strncpy()
The memcpy() runtime defenses are still not landed, so test with
strncpy() for now.
Reported-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
drivers/misc/lkdtm/fortify.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c
index d06458a4858e..ab33bb5e2e7a 100644
--- a/drivers/misc/lkdtm/fortify.c
+++ b/drivers/misc/lkdtm/fortify.c
@@ -44,14 +44,14 @@ void lkdtm_FORTIFIED_SUBOBJECT(void)
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;
- pr_info("trying to strcpy past the end of a member of a struct\n");
+ pr_info("trying to strncpy past the end of a member of a struct\n");
/*
- * memcpy(target.a, src, 20); will hit a compile error because the
+ * strncpy(target.a, src, 20); will hit a compile error because the
* compiler knows at build time that target.a < 20 bytes. Use a
* volatile to force a runtime error.
*/
- memcpy(target.a, src, size);
+ strncpy(target.a, src, size);
/* Store result to global to prevent the code from being eliminated */
fortify_scratch_space = target.a[3];
--
2.30.2
Powered by blists - more mailing lists