lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <17A3048D-E2E3-41FD-A6A0-853B2E481B12@linux.dev>
Date: Mon, 11 Aug 2025 20:10:58 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Doug Anderson <dianders@...omium.org>
Cc: Jason Wessel <jason.wessel@...driver.com>,
 Daniel Thompson <danielt@...nel.org>,
 Justin Stitt <justinstitt@...gle.com>,
 linux-hardening@...r.kernel.org,
 Daniel Thompson <daniel@...cstar.com>,
 kgdb-bugreport@...ts.sourceforge.net,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kdb: Replace deprecated strcpy() with strscpy() in
 vkdb_printf()

Hi Doug,

On 11. Aug 2025, at 19:48, Doug Anderson wrote:
> On Mon, Aug 11, 2025 at 10:04 AM Thorsten Blum wrote:
>> 
>> strcpy() is deprecated; use strscpy() instead.
>> 
>> Use the return value of strscpy() instead of calling strlen() again.
>> 
>> Link: https://github.com/KSPP/linux/issues/88
>> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
>> ---
> 
> It made me a little nervous that you're not checking for the fact that
> strscpy() could return an error code. Without the check you're just
> replacing one type of problem (buffer overflow) with another type (the
> code running with a negative length). IMO in cases like this either
> leave the strlen() in there or check the return value for errors.

Yes, I should have checked the return value or left strlen() as is. This
was actually a last minute "improvement" I should have skipped.

> ...so I looked a little deeper here to see if the buffer overflow was
> actually possible to begin with. Looking, I _think_ this is true:
> 
> * `cp` is a pointer into `kdb_buffer` (location of first '\n')
> * `cphold` and `cp` are equal at this point.
> 
> ...so you're guaranteed not to overflow because the destination and
> source overlap. ...but that means we shouldn't have been using
> strcpy() either way. Both strcpy() and strscpy() say that their
> behaviors are undefined if the src/dest overlap. This means that
> really the right fix is to use memmove().

Good catch. I read about the undefined behavior in the function comment,
but never encountered it and haven't really been looking out for it.

> The above is based solely on code inspection w/ no testing. If I got
> it wrong, let me know.

Yes, I just compile-tested it as I didn't expect src/dst to overlap. And
then my last-minute change to strlen() made it even worse. Sorry about
that.

Are you going to fix it using memmove() or should I submit a v2?

Thanks,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ