lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z37HQC07ZIYQ2XvZ@google.com>
Date: Wed, 8 Jan 2025 10:43:12 -0800
From: Isaac Manjarres <isaacmanjarres@...gle.com>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: lorenzo.stoakes@...cle.com, Andrew Morton <akpm@...ux-foundation.org>,
	kaleshsingh@...gle.com, jstultz@...gle.com, surenb@...gle.com,
	kernel-team@...roid.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] mm/memfd: Use strncpy_from_user() to read memfd
 name

On Wed, Jan 08, 2025 at 02:43:12PM +0100, Alice Ryhl wrote:
> On Tue, Jan 7, 2025 at 7:48 PM Isaac J. Manjarres
> <isaacmanjarres@...gle.com> wrote:
> >
> > The existing logic uses strnlen_user() to calculate the length of the
> > memfd name from userspace and then copies the string into a buffer using
> > copy_from_user(). This is error-prone, as the string length
> > could have changed between the time when it was calculated and when the
> > string was copied. The existing logic handles this by ensuring that the
> > last byte in the buffer is the terminating zero.
> >
> > This handling is contrived and can better be handled by using
> > strncpy_from_user(), which gets the length of the string and copies
> > it in one shot. Therefore, simplify the logic for copying the memfd
> > name by using strncpy_from_user().
> >
> > No functional change.
> >
> > Signed-off-by: Isaac J. Manjarres <isaacmanjarres@...gle.com>
> 
> Looks okay to me. One nit below, but:
> 
> Reviewed-by: Alice Ryhl <aliceryhl@...gle.com>
> 
> > +       /* length does not include terminating zero */
> > +       len = strncpy_from_user(name + MFD_NAME_PREFIX_LEN, uname, MFD_NAME_MAX_LEN + 1);
> 
> Can we have this comment say "returned length" instead of just
> "length"? Or just remove the comment. Initially I thought you were
> talking about the last argument, and I was confused as that does
> include the nul-terminator.
> 
> Alice

Yes, I will update it to say returned length and add your "Reviewed-by"
tag. Thanks for this!

--Isaac

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ