| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d53a4672-d068-c394-6ab1-058b2d72701f@redhat.com>
Date: Thu, 25 Aug 2022 10:32:58 +0100
From: Andrew Price <anprice@...hat.com>
To: Wolfram Sang <wsa+renesas@...g-engineering.com>
Cc: cluster-devel@...hat.com, linux-kernel@...r.kernel.org,
Andreas Gruenbacher <agruenba@...hat.com>,
Bob Peterson <rpeterso@...hat.com>
Subject: Re: [Cluster-devel] [PATCH] gfs2: move from strlcpy with unused
retval to strscpy
On 24/08/2022 21:08, Wolfram Sang wrote:
> Hi Andy.
>
>>> - strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
>>> - strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
>>> + strscpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
>>> + strscpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
>>
>> Perhaps the size should be changed to GFS2_LOCKNAME_LEN to match the size of
>> the destination, too.
>>
>> With that addition, this patch fixes this syzkaller report:
>>
>> https://listman.redhat.com/archives/cluster-devel/2022-August/022755.html
>
> Linus wrote another summary about strlcpy vs. strscpy use[1]. So, the
> size argument should be the size of the smaller buffer if the buffers
> are of different size. GFS2_LOCKNAME_LEN is smaller, so that looks
> suitable. Shall I resend the patch with the suggested change?
Yes, please. I can't speak for the gfs2 maintainers but I think it would
be a good plan, as the combination of strscpy and the size change fixes
a bug.
Andy
>
> All the best,
>
> Wolfram
>
> [1] https://lore.kernel.org/lkml/CAHk-=wi+xbVq++uqW9YgWpHjyBHNB8a-xad+Xp23-B+eodLCEA@mail.gmail.com/
>
Powered by blists - more mailing lists