Message-ID: <4e0da12a-62ed-47fa-9f75-a7de10bd8dc0@ghiti.fr>
Date: Wed, 10 Jan 2024 07:38:48 +0100
From: Alexandre Ghiti <alex@...ti.fr>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>,
 Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt
 <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>,
 Alexandre Ghiti <alexghiti@...osinc.com>, Björn Töpel
 <bjorn@...osinc.com>
Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
 Palmer Dabbelt <palmer@...osinc.com>, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH] riscv: Fix an off-by-one in get_early_cmdline()

Hi Christophe,

On 29/10/2023 08:20, Christophe JAILLET wrote:
> The ending NULL is not taken into account by strncat(), so switch to
> strlcat() to correctly compute the size of the available memory when
> appending CONFIG_CMDLINE to 'early_cmdline'.
>
> Fixes: 26e7aacb83df ("riscv: Allow to downgrade paging mode from the command line")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> ---
>   arch/riscv/kernel/pi/cmdline_early.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
> index 68e786c84c94..f6d4dedffb84 100644
> --- a/arch/riscv/kernel/pi/cmdline_early.c
> +++ b/arch/riscv/kernel/pi/cmdline_early.c
> @@ -38,8 +38,7 @@ static char *get_early_cmdline(uintptr_t dtb_pa)
>   	if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
>   	    IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
>   	    fdt_cmdline_size == 0 /* CONFIG_CMDLINE_FALLBACK */) {
> -		strncat(early_cmdline, CONFIG_CMDLINE,
> -			COMMAND_LINE_SIZE - fdt_cmdline_size);
> +		strlcat(early_cmdline, CONFIG_CMDLINE, COMMAND_LINE_SIZE);
>   	}
>   
>   	return early_cmdline;
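
Review bot: The return value of strlcat() on the added line is discarded, so when the existing contents of early_cmdline plus CONFIG_CMDLINE do not fit in COMMAND_LINE_SIZE the built-in command line is cut short silently, possibly in the middle of a parameter. strlcat() returns the length it tried to create, so a result >= COMMAND_LINE_SIZE identifies that case; either check for it or say in the commit message that silent truncation is the intended behaviour here. The commit message would also be easier to follow if it spelled out the mechanism: strncat() treats its third argument as the maximum number of characters to append and then writes a terminating NUL after them, whereas strlcat() takes the total size of the destination.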

This looks good to me, you can add:

Reviewed-by: Alexandre Ghiti <alexghiti@...osinc.com>

Thanks,

Alex
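
The off-by-one described in the quoted commit message, as an added C example that is not part of the original thread or of the kernel source. It is a simplified model: `BUF_SIZE`, `demo_strlcat()` and `guard_clobbered()` are hypothetical names, the strings are constructed, and the bound is taken as size minus the current string length rather than the kernel's `fdt_cmdline_size`.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed stand-in for COMMAND_LINE_SIZE */
#define GUARD    0x5A /* marks the first byte past the logical buffer */

/* Local strlcat with BSD semantics: size is the full size of dst. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
	size_t dlen = 0, slen = strlen(src), room, n;

	while (dlen < size && dst[dlen])
		dlen++;
	if (dlen == size)            /* dst not terminated: append nothing */
		return size + slen;
	room = size - dlen - 1;      /* keep one byte for the NUL */
	n = slen < room ? slen : room;
	memcpy(dst + dlen, src, n);
	dst[dlen + n] = '\0';
	return dlen + slen;          /* >= size means truncated */
}

/* Returns 1 if appending extra to first wrote past BUF_SIZE bytes. */
static int guard_clobbered(const char *first, const char *extra, int use_strlcat)
{
	char mem[BUF_SIZE + 1] = { 0 };

	mem[BUF_SIZE] = GUARD;
	strcpy(mem, first);          /* callers keep strlen(first) < BUF_SIZE */
	if (use_strlcat)
		demo_strlcat(mem, extra, BUF_SIZE);
	else                         /* bound = size - used, no room for NUL */
		strncat(mem, extra, BUF_SIZE - strlen(mem));
	return mem[BUF_SIZE] != GUARD;
}

int main(void)
{
	const char *first = "root=/dev/vda", *extra = "quiet splash"; /* constructed */

	printf("strncat clobbers guard: %d\n", guard_clobbered(first, extra, 0));
	printf("strlcat clobbers guard: %d\n", guard_clobbered(first, extra, 1));
	return 0;
}
```

The guard byte sits inside the real array, so the stray NUL written by strncat() is observable without undefined behaviour.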

