| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250314130614.729131f6@pumpkin>
Date: Fri, 14 Mar 2025 13:06:14 +0000
From: David Laight <david.laight.linux@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: Jack Wang <jinpu.wang@...ud.ionos.com>, "James E.J. Bottomley"
<James.Bottomley@...senPartnership.com>, "Martin K. Petersen"
<martin.petersen@...cle.com>, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] scsi: pm80xx: Use C String API for string
comparisons
On Wed, 12 Mar 2025 13:05:36 -0700
Kees Cook <kees@...nel.org> wrote:
> When a character array without a terminating NUL character has a static
> initializer, GCC 15's -Wunterminated-string-initialization will only
> warn if the array lacks the "nonstring" attribute[1]. There is no reason
> for the command lookup logic to not use strcmp(), so grow the string
> length and update the check to eliminate the warning:
>
> ../drivers/scsi/pm8001/pm8001_ctl.c:652:7: warning: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (9 chars into 8 available) [-Wunterminated-string-initialization]
> 652 | {"set_nvmd", FLASH_CMD_SET_NVMD},
> | ^~~~~~~~~~
>
Did you look at the code just before it?
It is horrid beyond belief.
The function parameters include 'buf' and 'count'.
There is no real indication buf[] is '\0' terminated, but it does:
cmd_ptr = kcalloc(count, 2, GFP_KERNEL);
if (!cmd_ptr) {
pm8001_ha->fw_status = FAIL_OUT_MEMORY;
return -ENOMEM;
}
filename_ptr = cmd_ptr + count;
res = sscanf(buf, "%s %s", cmd_ptr, filename_ptr);
The search loop is then using cmd_ptr.
It only needs to find the separating ' ', no need to copy anything.
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 [1]
> Signed-off-by: Kees Cook <kees@...nel.org>
> ---
> In taking another look at this, I realize that actually strcmp() should be used,
> so just grow the size of this character array and use strcmp().
> v1: https://lore.kernel.org/lkml/20250310222553.work.437-kees@kernel.org/
> v2: Use strcmp()
> ---
> Cc: Jack Wang <jinpu.wang@...ud.ionos.com>
> Cc: "James E.J. Bottomley" <James.Bottomley@...senPartnership.com>
> Cc: "Martin K. Petersen" <martin.petersen@...cle.com>
> Cc: linux-scsi@...r.kernel.org
> ---
> drivers/scsi/pm8001/pm8001_ctl.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/pm8001/pm8001_ctl.c b/drivers/scsi/pm8001/pm8001_ctl.c
> index 85ff95c6543a..bb8fd5f0f441 100644
> --- a/drivers/scsi/pm8001/pm8001_ctl.c
> +++ b/drivers/scsi/pm8001/pm8001_ctl.c
> @@ -644,7 +644,7 @@ static DEVICE_ATTR(gsm_log, S_IRUGO, pm8001_ctl_gsm_log_show, NULL);
> #define FLASH_CMD_SET_NVMD 0x02
>
> struct flash_command {
> - u8 command[8];
> + u8 command[9];
> int code;
'code' can only be 0/1/2 - so could be u8 to remove the padding.
> };
>
> @@ -825,8 +825,7 @@ static ssize_t pm8001_store_update_fw(struct device *cdev,
> }
>
> for (i = 0; flash_command_table[i].code != FLASH_CMD_NONE; i++) {
> - if (!memcmp(flash_command_table[i].command,
> - cmd_ptr, strlen(cmd_ptr))) {
> + if (!strcmp(flash_command_table[i].command, cmd_ptr)) {
> flash_command = flash_command_table[i].code;
This looks like a API change since an unique initial portion used to
be enough. the strcmp() requires a full match.
David
> break;
> }
Powered by blists - more mailing lists