lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2348e646-e1da-4deb-ab55-c438a42e25b3@wanadoo.fr>
Date: Tue, 20 Aug 2024 21:38:22 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Abhishek Tamboli <abhishektamboli9@...il.com>, gregkh@...uxfoundation.org
Cc: tdavies@...kphysics.net, philipp.g.hortmann@...il.com,
 garyrookard@...tmail.org, linux-staging@...ts.linux.dev,
 skhan@...uxfoundation.org, rbmarliere@...il.com,
 linux-kernel-mentees@...ts.linuxfoundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: rtl8192e: Replace strcpy with strscpy in
 rtl819x_translate_scan

Le 20/08/2024 à 20:42, Abhishek Tamboli a écrit :
> Replace strcpy() with strscpy() in rtl819x_translate_scan()
> function to ensure buffer safety.
> 
> Signed-off-by: Abhishek Tamboli <abhishektamboli9@...il.com>
> ---
>   drivers/staging/rtl8192e/rtllib_wx.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/rtl8192e/rtllib_wx.c b/drivers/staging/rtl8192e/rtllib_wx.c
> index fbd4ec824084..970b7fcb3f7e 100644
> --- a/drivers/staging/rtl8192e/rtllib_wx.c
> +++ b/drivers/staging/rtl8192e/rtllib_wx.c
> @@ -61,7 +61,7 @@ static inline char *rtl819x_translate_scan(struct rtllib_device *ieee,
>   	iwe.cmd = SIOCGIWNAME;
>   	for (i = 0; i < ARRAY_SIZE(rtllib_modes); i++) {
>   		if (network->mode & BIT(i)) {
> -			strcpy(pname, rtllib_modes[i]);
> +			strscpy(pname, rtllib_modes[i], sizeof(pname));

This not correct.

sizeof(pname) is 4 here, but the buffer that is really used is "char 
proto_name[6];"

6 chars are needed for storing "N-24G" (see rtllib_modes), so 5 chars + 
ending \0.



When you will send a v2, here are a few others things you could give a 
look at:
    - is 'pname' really needed or is 'proto_name' enough?
    - what about the "*pname = '\0';" after the loop?
    - if a "mode" matches, do we need to iterate the whole rtllib_modes 
array? (have a look at wireless_mode)

CJ




>   			pname += strlen(rtllib_modes[i]);
>   		}
>   	}
> --
> 2.34.1
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ