lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aD1hN2w2__fZ2hWH@google.com>
Date: Mon, 2 Jun 2025 08:30:47 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Benno Lossin <lossin@...nel.org>
Cc: Miguel Ojeda <ojeda@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, 
	Alexander Viro <viro@...iv.linux.org.uk>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
	Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, 
	"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, 
	Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>, 
	Danilo Krummrich <dakr@...nel.org>, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 2/2] uaccess: rust: add UserSliceReader::strcpy_into_buf

On Sun, Jun 01, 2025 at 06:09:26PM +0200, Benno Lossin wrote:
> On Sat May 31, 2025 at 11:09 PM CEST, Alice Ryhl wrote:
> > On Sat, May 31, 2025 at 10:38 PM Benno Lossin <lossin@...nel.org> wrote:
> >> Maybe I misunderstood the code, but if you do this:
> >>
> >>     let slice = UserSlice::new(ptr, 1024);
> >>     let mut buf = [0; 42];
> >>     let s = slice.strcpy_into_buf(&mut buf)?;
> >>
> >> Then it will read 42 characters from userspace and (if there was no nul
> >> byte) overwrite the last character with `\0`. If we now do
> >>
> >>     let mut buf2 = [0; 42];
> >>     let s2 = slice.strcpy_into_buf(&mut buf2)?;
> >>
> >> Then that will continue the read at index 42, but effectively one
> >> character will get skipped.
> >>
> >> (Now it's not possible to call `strcpy_into_buf` multiple times, but I
> >> see no real reason why it isn't a `&mut self` method. Also a user could
> >> call `clone_reader` and then manually `skip` 42 bytes. Although they
> >> might only skip 41 bytes, since that's the length of the CStr. But that
> >> runs into the problem that if there was a `\0` at index 41, then
> >> repeated uses of the pattern above will yield empty strings.)
> >
> > I removed the ability to call it multiple times to avoid dealing with
> > this kind of question. You may submit a follow-up patch to change it
> > if you have a use-case.
> 
> I don't have a use-case, but we should document this behavior somewhere
> especially since the ability to only call this function once guarantees
> the correctness.

I'll add a comment, though I would note that what we pass to
strncpy_from_user isn't really relevant here, even if the method was
&mut self. In that case, the thing that matters is how much we change
self.length by.

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ