lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 17 Jul 2023 12:33:32 +0300
From:   Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        linux-kernel@...r.kernel.org
Cc:     Kees Cook <keescook@...omium.org>
Subject: [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy()

Privided seq_show_option_n() macro breaks build with -Werror
and W=1, e.g.:

In function ‘strncpy’,
    inlined from ‘ocfs2_show_options’ at fs/ocfs2/super.c:1520:3:
include/linux/fortify-string.h:68:33: error: ‘__builtin_strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation]
   68 | #define __underlying_strncpy    __builtin_strncpy
      |                                 ^
include/linux/fortify-string.h:151:16: note: in expansion of macro ‘__underlying_strncpy’
  151 |         return __underlying_strncpy(p, q, size);
      |                ^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

While -Werror wasn't enabled by default at the time of the original code
landed into mainline, strscpy() was already there and preferred over strncpy().
Due to above mentioned issues, use the latter in seq_show_option_n().

Fixes: a068acf2ee77 ("fs: create and use seq_show_option for escaping")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
---
 include/linux/seq_file.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
index bd023dd38ae6..e87d635ca24f 100644
--- a/include/linux/seq_file.h
+++ b/include/linux/seq_file.h
@@ -260,8 +260,7 @@ static inline void seq_show_option(struct seq_file *m, const char *name,
  */
 #define seq_show_option_n(m, name, value, length) {	\
 	char val_buf[length + 1];			\
-	strncpy(val_buf, value, length);		\
-	val_buf[length] = '\0';				\
+	strscpy(val_buf, value, sizeof(val_buf));	\
 	seq_show_option(m, name, val_buf);		\
 }
 
-- 
2.40.0.1.gaa8946217a0b

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ