| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3fd91204-629f-4024-8d49-c76c7b344735@intel.com> Date: Mon, 11 Aug 2025 16:25:26 +0200 From: Alexander Lobakin <aleksander.lobakin@...el.com> To: Kees Cook <kees@...nel.org> CC: Nathan Chancellor <nathan@...nel.org>, Masahiro Yamada <masahiroy@...nel.org>, Nicolas Schier <nicolas.schier@...ux.dev>, <linux-kbuild@...r.kernel.org>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>, "Justin Stitt" <justinstitt@...gle.com>, <linux-kernel@...r.kernel.org>, <llvm@...ts.linux.dev>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH v2] kbuild: Re-enable -Wunterminated-string-initialization From: Kees Cook <kees@...nel.org> Date: Thu, 7 Aug 2025 15:00:24 -0700 > On Thu, Aug 07, 2025 at 03:31:05PM +0200, Alexander Lobakin wrote: >> Sure, lots of drivers uses normal string copy functions etc. >> But Ethtool strings *must* be NUL-terminated, so this fixed-size + >> memcpy() only hurts. > > This is the misunderstanding: they're only NUL padded, but not strictly > NUL terminated. You can see ethtool itself has to be careful with the > strings, limiting the fprintf to their sizeof(): > > https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/ethtool.c#n1013 > > or using strncmp everywhere. Maybe we should add a check to the Ethtool core that every 32-th array symbol == \0 to detect misbehaving drivers like this one :D Thanks, Olek
Powered by blists - more mailing lists