lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20221118195031.691815-1-artem.chernyshev@red-soft.ru>
Date:   Fri, 18 Nov 2022 22:50:31 +0300
From:   Artem Chernyshev <artem.chernyshev@...-soft.ru>
To:     Chris Mason <clm@...com>, David Sterba <dsterba@...e.com>
Cc:     Artem Chernyshev <artem.chernyshev@...-soft.ru>,
        Josef Bacik <josef@...icpanda.com>,
        linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
        lvc-project@...uxtesting.org
Subject: [PATCH] btrsf: rcu_string: Replace strncpy() with strscpy()

Using strncpy() on NUL-terminated strings are deprecated.
To avoid possible forming of non-terminated string
strscpy() could be used.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 606686eeac45 ("Btrfs: use rcu to protect device->name")
Signed-off-by: Artem Chernyshev <artem.chernyshev@...-soft.ru>
---
 fs/btrfs/rcu-string.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/rcu-string.h b/fs/btrfs/rcu-string.h
index 5c1a617eb25d..d9894da7a05a 100644
--- a/fs/btrfs/rcu-string.h
+++ b/fs/btrfs/rcu-string.h
@@ -18,7 +18,10 @@ static inline struct rcu_string *rcu_string_strdup(const char *src, gfp_t mask)
 					 (len * sizeof(char)), mask);
 	if (!ret)
 		return ret;
-	strncpy(ret->str, src, len);
+	if (WARN_ON(strscpy(ret->str, src, len) < 0)) {
+		kfree(ret);
+		return NULL;
+	}
 	return ret;
 }
 
-- 
2.30.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ