| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhR9MC9GhGZi_1ftycfGyeuCQ=BXgAs+v+9D-nXWg+eu=A@mail.gmail.com> Date: Wed, 31 Jul 2024 11:51:20 -0400 From: Paul Moore <paul@...l-moore.com> To: Jinjie Ruan <ruanjinjie@...wei.com> Cc: eparis@...hat.com, audit@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] audit: Use strscpy instead of memcpy when copying comm On Wed, Jul 31, 2024 at 3:46 AM Jinjie Ruan <ruanjinjie@...wei.com> wrote: > > There may be random garbage beyond a string's null terminator, memcpy might > use the entire comm array. so avoid that possibility by using strscpy > instead of memcpy. > > Link: https://github.com/KSPP/linux/issues/90 > Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com> > --- > kernel/auditsc.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) If you look at audit_log_pid_context() you'll see that we don't record the entire task::comm field, we only record up the NUL byte, so any garbage present after the end of the string should not make it into the audit record. We use memcpy(), as opposed to any of the string based copy functions, as the task::comm field is relatively short and having to count the length of the string in addition to copying the string is likely more expensive than simply copying the full buffer. -- paul-moore.com
Powered by blists - more mailing lists