| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241014175427.4bcf9020@gandalf.local.home> Date: Mon, 14 Oct 2024 17:54:27 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: Kees Cook <kees@...nel.org> Cc: Justin Stitt <justinstitt@...gle.com>, Masami Hiramatsu <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v2] tracing: replace multiple deprecated strncpy with memcpy On Mon, 14 Oct 2024 14:31:29 -0700 Kees Cook <kees@...nel.org> wrote: > > We know the destination must have a NUL-terminated string. Is the src > NUL terminated? Looking at parse_pred(), it seems like no? And we can't > use memtostr_pad() here because the source buffer size isn't known at > compile time. Okay then. And there are no NUL bytes in the "str + s" > span, so yeah, it looks like memcpy() is best. > > Reviewed-by: Kees Cook <kees@...nel.org> > The code is simply breaking up parts of one string and copying the bits into other strings. Like the example that broke: $ echo 'common_pid != 0 && common_pid != 120 && common_pid != 1253 && common_pid != 17 && common_pid != 394 && common_pid != 81 && common_pid != 87' > /sys/kernel/tracing/events/sched/sched_switch/filter It would need to move each of the above tokens "common_pid", "!=", "0", "&&", etc into their own strings for later processing. The parser finds the start and end of the location needed to copy, so memcpy() followed by a nul byte is fine. -- Steve
Powered by blists - more mailing lists