lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Aug 2015 17:48:13 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: Alexei Starovoitov <ast@...mgrid.com> Cc: "David S. Miller" <davem@...emloft.net>, Ingo Molnar <mingo@...nel.org>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Wang Nan <wangnan0@...wei.com>, He Kuang <hekuang@...wei.com>, Daniel Borkmann <daniel@...earbox.net>, Brendan Gregg <brendan.d.gregg@...il.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 net-next 1/2] lib: introduce strncpy_from_unsafe() On Fri, 28 Aug 2015 12:51:48 -0700 Alexei Starovoitov <ast@...mgrid.com> wrote: > EXPORT_SYMBOL(strncpy_from_user); > + > +/** > + * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address. > + * @dst: Destination address, in kernel space. This buffer must be at > + * least @count bytes long. > + * @src: Unsafe address. > + * @count: Maximum number of bytes to copy, including the trailing NUL. > + * > + * Copies a NUL-terminated string from unsafe address to kernel buffer. > + * > + * On success, returns the length of the string (not including the trailing > + * NUL). I think it includes the NUL. > + * > + * If access fails, returns -EFAULT (some data may have been copied). > + * > + * If @count is smaller than the length of the string, copies @count bytes > + * and returns @count. > + */ > +long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) > +{ > + mm_segment_t old_fs = get_fs(); > + const void *src = unsafe_addr; src = unsafe_addr = 0x100; *unsafe_addr = "1\0"; > + long ret; > + > + if (unlikely(count <= 0)) > + return 0; > + > + set_fs(KERNEL_DS); > + pagefault_disable(); > + > + do { > + ret = __copy_from_user_inatomic(dst++, > + (const void __user __force *)src++, 1); First loop: dst[-1] = '1' src = 0x101 Second loop: dst[-1] = '\0' src = 0x102 > + } while (dst[-1] && ret == 0 && src - unsafe_addr < count); > + > + dst[-1] = '\0'; > + pagefault_enable(); > + set_fs(old_fs); > + > + return ret < 0 ? ret : src - unsafe_addr; src - unsafe_addr = 0x102 - 0x100 = 2 Included the NUL. -- Steve > +} -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists