| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202306141049.BF86FA8F1F@keescook>
Date: Wed, 14 Jun 2023 10:51:01 -0700
From: Kees Cook <keescook@...omium.org>
To: Azeem Shaikh <azeemshaikh38@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-hardening@...r.kernel.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org,
Albert Briscoe <albertsbriscoe@...il.com>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
Andrzej Pietrasiewicz <andrzej.p@...labora.com>
Subject: Re: [PATCH] usb: gadget: function: printer: Replace strlcpy with
strscpy
On Wed, Jun 14, 2023 at 10:12:14AM -0400, Azeem Shaikh wrote:
> On Tue, Jun 13, 2023 at 3:30 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > On Tue, Jun 13, 2023 at 12:43:41AM +0000, Azeem Shaikh wrote:
> [...]
> > > - result = strlcpy(page, opts->pnp_string, PAGE_SIZE);
> > > - if (result >= PAGE_SIZE) {
> > > + result = strscpy(page, opts->pnp_string, PAGE_SIZE);
> > > + if (result == -E2BIG) {
> >
> > I think "< 1" might be a better test here.
>
> Curious, why "< 1" instead of "< 0"?
>
> > > result = PAGE_SIZE;
> > > } else if (page[result - 1] != '\n' && result + 1 < PAGE_SIZE) {
It's for this case above where "result" may be used in an array index,
and if it's 0 or less, there will be a negative array index (due to the "-
1"). So, here, it needs to be "< 1" instead of the more traditional "< 0".
--
Kees Cook
Powered by blists - more mailing lists