lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhR9MC9GhGZi_1ftycfGyeuCQ=BXgAs+v+9D-nXWg+eu=A@mail.gmail.com>
Date: Wed, 31 Jul 2024 11:51:20 -0400
From: Paul Moore <paul@...l-moore.com>
To: Jinjie Ruan <ruanjinjie@...wei.com>
Cc: eparis@...hat.com, audit@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] audit: Use strscpy instead of memcpy when copying comm

On Wed, Jul 31, 2024 at 3:46 AM Jinjie Ruan <ruanjinjie@...wei.com> wrote:
>
> There may be random garbage beyond a string's null terminator, memcpy might
> use the entire comm array. so avoid that possibility by using strscpy
> instead of memcpy.
>
> Link: https://github.com/KSPP/linux/issues/90
> Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
> ---
>  kernel/auditsc.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

If you look at audit_log_pid_context() you'll see that we don't record
the entire task::comm field, we only record up the NUL byte, so any
garbage present after the end of the string should not make it into
the audit record.  We use memcpy(), as opposed to any of the string
based copy functions, as the task::comm field is relatively short and
having to count the length of the string in addition to copying the
string is likely more expensive than simply copying the full buffer.

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ