lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202309200834.2D2F0777@keescook>
Date:   Wed, 20 Sep 2023 08:35:31 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Thomas Weißschuh <thomas@...ch.de>
Cc:     Justin Stitt <justinstitt@...gle.com>,
        Jean Delvare <jdelvare@...e.com>,
        Guenter Roeck <linux@...ck-us.net>,
        linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] hwmon: refactor deprecated strncpy

On Tue, Sep 19, 2023 at 09:02:49AM +0200, Thomas Weißschuh wrote:
> On 2023-09-19 05:07:55+0000, Justin Stitt wrote:
> > `strncpy` is deprecated for use on NUL-terminated destination strings [1].
> > 
> > A trailing zero is already handled by the kcalloc
> > |	*str = kcalloc(element->string.length + 1, sizeof(u8), GFP_KERNEL);
> > ... which makes memcpy() a suitable replacement to strncpy.
> > 
> > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@...r.kernel.org
> > Signed-off-by: Justin Stitt <justinstitt@...gle.com>
> > ---
> > Changes in v2:
> > - use memcpy over strscpy (thanks Kees)
> > - Link to v1: https://lore.kernel.org/r/20230914-strncpy-drivers-hwmon-acpi_power_meter-c-v1-1-905297479fe8@google.com
> > ---
> >  drivers/hwmon/acpi_power_meter.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
> > index fa28d447f0df..82e99aec4a33 100644
> > --- a/drivers/hwmon/acpi_power_meter.c
> > +++ b/drivers/hwmon/acpi_power_meter.c
> > @@ -803,7 +803,7 @@ static int read_capabilities(struct acpi_power_meter_resource *resource)
> >  			goto error;
> >  		}
> >  
> > -		strncpy(*str, element->string.pointer, element->string.length);
> > +		memcpy(*str, element->string.pointer, element->string.length);
> 
> Isn't this now essentially the same as kmemdup_nul()?

Ah, yeah, good catch. I should add a note that the reverse of strtomem()
is kmemdup_nul() :)

Justin, can you refactor this to use kmemdup_nul() instead?

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ