lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230809070302.GR94631@unreal>
Date:   Wed, 9 Aug 2023 10:03:02 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Jijie Shao <shaojijie@...wei.com>
Cc:     yisen.zhuang@...wei.com, salil.mehta@...wei.com,
        davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, shenjian15@...wei.com, wangjie125@...wei.com,
        liuyonglong@...wei.com, chenhao418@...wei.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH net] net: hns3: fix strscpy causing content truncation
 issue

On Wed, Aug 09, 2023 at 10:09:02AM +0800, Jijie Shao wrote:
> From: Hao Chen <chenhao418@...wei.com>
> 
> hns3_dbg_fill_content()/hclge_dbg_fill_content() is aim to integrate some
> items to a string for content, and we add '\n' and '\0' in the last
> two bytes of content.
> 
> strscpy() will add '\0' in the last byte of destination buffer(one of
> items), it result in finishing content print ahead of schedule and some
> dump content truncation.
> 
> One Error log shows as below:
> cat mac_list/uc
> UC MAC_LIST:
> 
> Expected:
> UC MAC_LIST:
> FUNC_ID  MAC_ADDR            STATE
> pf       00:2b:19:05:03:00   ACTIVE
> 
> The destination buffer is length-bounded and not required to be
> NUL-terminated, so just change strscpy() to memcpy() to fix it.

I think that you should change to strtomem() and not use plain memcpy().

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ