lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAD=FV=XzSD+pz9RNZDS0paDUWKJ-AW91U5DuEQziszYchuZGAQ@mail.gmail.com>
Date: Mon, 11 Aug 2025 11:13:31 -0700
From: Doug Anderson <dianders@...omium.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Jason Wessel <jason.wessel@...driver.com>, Daniel Thompson <danielt@...nel.org>, 
	Justin Stitt <justinstitt@...gle.com>, linux-hardening@...r.kernel.org, 
	Daniel Thompson <daniel@...cstar.com>, kgdb-bugreport@...ts.sourceforge.net, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kdb: Replace deprecated strcpy() with strscpy() in vkdb_printf()

Hi,

On Mon, Aug 11, 2025 at 11:11 AM Thorsten Blum <thorsten.blum@...ux.dev> wrote:
>
> > ...so I looked a little deeper here to see if the buffer overflow was
> > actually possible to begin with. Looking, I _think_ this is true:
> >
> > * `cp` is a pointer into `kdb_buffer` (location of first '\n')
> > * `cphold` and `cp` are equal at this point.
> >
> > ...so you're guaranteed not to overflow because the destination and
> > source overlap. ...but that means we shouldn't have been using
> > strcpy() either way. Both strcpy() and strscpy() say that their
> > behaviors are undefined if the src/dest overlap. This means that
> > really the right fix is to use memmove().
>
> Good catch. I read about the undefined behavior in the function comment,
> but never encountered it and haven't really been looking out for it.
>
> > The above is based solely on code inspection w/ no testing. If I got
> > it wrong, let me know.
>
> Yes, I just compile-tested it as I didn't expect src/dst to overlap. And
> then my last-minute change to strlen() made it even worse. Sorry about
> that.
>
> Are you going to fix it using memmove() or should I submit a v2?

Do you want to send a v2 that switches it to memmove()?

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ