lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20260118173055.1197250-1-thorsten.blum@linux.dev>
Date: Sun, 18 Jan 2026 18:30:49 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Tyler Hicks <code@...icks.com>,
	Thorsten Blum <thorsten.blum@...ux.dev>,
	Eric Biggers <ebiggers@...nel.org>,
	Christian Brauner <brauner@...nel.org>,
	Ard Biesheuvel <ardb@...nel.org>,
	Baolin Liu <liubaolin@...inos.cn>,
	Slark Xiao <slark_xiao@....com>
Cc: ecryptfs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] ecryptfs: Replace memcpy + manual NUL termination with strscpy

Use strscpy() to copy the NUL-terminated '->token.password.signature'
and 'sig' to the destination buffers instead of using memcpy() followed
by manual NUL terminations.

Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
 fs/ecryptfs/debug.c    | 5 ++---
 fs/ecryptfs/keystore.c | 6 ++----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/fs/ecryptfs/debug.c b/fs/ecryptfs/debug.c
index cf6d0e8e25a1..006ab871cda9 100644
--- a/fs/ecryptfs/debug.c
+++ b/fs/ecryptfs/debug.c
@@ -7,6 +7,7 @@
  *   Author(s): Michael A. Halcrow <mahalcro@...ibm.com>
  */
 
+#include <linux/string.h>
 #include "ecryptfs_kernel.h"
 
 /*
@@ -34,9 +35,7 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
 		    ECRYPTFS_PERSISTENT_PASSWORD) {
 			ecryptfs_printk(KERN_DEBUG, " * persistent\n");
 		}
-		memcpy(sig, auth_tok->token.password.signature,
-		       ECRYPTFS_SIG_SIZE_HEX);
-		sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
+		strscpy(sig, auth_tok->token.password.signature);
 		ecryptfs_printk(KERN_DEBUG, " * signature = [%s]\n", sig);
 	}
 	ecryptfs_printk(KERN_DEBUG, " * session_key.flags = [0x%x]\n",
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index bbf8603242fa..a615489e5a17 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -2457,8 +2457,7 @@ int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
 	if (!new_key_sig)
 		return -ENOMEM;
 
-	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
-	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
+	strscpy(new_key_sig->keysig, sig);
 	/* Caller must hold keysig_list_mutex */
 	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
 
@@ -2478,9 +2477,8 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
 	if (!new_auth_tok)
 		return -ENOMEM;
 
-	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
+	strscpy(new_auth_tok->sig, sig);
 	new_auth_tok->flags = global_auth_tok_flags;
-	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
 	list_add(&new_auth_tok->mount_crypt_stat_list,
 		 &mount_crypt_stat->global_auth_tok_list);
-- 
Thorsten Blum <thorsten.blum@...ux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ