lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <8b771062-7ce9-4b00-a488-91b231a1476e@app.fastmail.com>
Date: Mon, 08 Apr 2024 17:38:24 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Justin Stitt" <justinstitt@...gle.com>, "Arnd Bergmann" <arnd@...nel.org>
Cc: linux-kernel@...r.kernel.org, "Andrew Morton" <akpm@...ux-foundation.org>
Subject: Re: [PATCH 05/11] test_hexdump: avoid string truncation warning

On Fri, Mar 29, 2024, at 00:54, Justin Stitt wrote:
> On Thu, Mar 28, 2024 at 03:04:49PM +0100, Arnd Bergmann wrote:
>> From: Arnd Bergmann <arnd@...db.de>
>> 
>> gcc can warn when a string is too long to fit into the strncpy()
>> destination buffer, as it is here depending on the function
>> arguments:
>> 
>>     inlined from 'test_hexdump_prepare_test.constprop' at /home/arnd/arm-soc/lib/test_hexdump.c:116:3:
>> include/linux/fortify-string.h:108:33: error: '__builtin_strncpy' output truncated copying between 0 and 32 bytes from a string of length 32 [-Werror=stringop-truncation]
>>   108 | #define __underlying_strncpy    __builtin_strncpy
>>       |                                 ^
>> include/linux/fortify-string.h:187:16: note: in expansion of macro '__underlying_strncpy'
>>   187 |         return __underlying_strncpy(p, q, size);
>>       |                ^~~~~~~~~~~~~~~~~~~~
>> 
>> As far as I can tell, this is harmless here because the truncation is
>> intentional, but using strscpy_pad() will avoid the warning since gcc
>> does not (yet) know about it.
>>
>
> We need to be careful. strscpy() or strscpy_pad() are not drop-in
> replacements for strncpy().

[cut useful explanation]
> It is possible I haven't fully considered the context of this change but
> I think using strscpy_pad() will cause these tests to fail, if they
> aren't failing I think we're getting lucky.

You are correct. I do understand the nuances between strncpy()
and strscpy(), but I failed to read this file properly.

I'm still not entirely sure, but from my current reading, I think
we can just use memcpy() to replace the strncpy() here, as both
the input string data_b[] and the output real[TEST_HEXDUMP_BUF_SIZE]
are sized to cover every possible 'len' value. This also follows
what Linus did for the other original strncpy in b1286ed7158e
("test_hexdump: use memcpy instead of strncpy()").

I've reworked the patch based on that assumption now and rewritten
the changelog text accordingly.

     Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ