lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <42dba6ff429f9da6daabadd43f8d05bc5373e47d.camel@redhat.com>
Date: Wed, 14 Jun 2023 12:36:57 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Hao Lan <lanhao@...wei.com>, netdev@...r.kernel.org
Cc: yisen.zhuang@...wei.com, salil.mehta@...wei.com, davem@...emloft.net, 
	edumazet@...gle.com, kuba@...nel.org, richardcochran@...il.com, 
	wangpeiyang1@...wei.com, shenjian15@...wei.com, chenhao418@...wei.com, 
	simon.horman@...igine.com, wangjie125@...wei.com, yuanjilin@...rlc.com, 
	cai.huoqing@...ux.dev, xiujianfeng@...wei.com
Subject: Re: [PATCH net-next v2 3/4] net: hns3: fix strncpy() not using
 dest-buf length as length issue

On Mon, 2023-06-12 at 20:23 +0800, Hao Lan wrote:
> From: Hao Chen <chenhao418@...wei.com>
> 
> Now, strncpy() in hns3_dbg_fill_content() use src-length as copy-length,
> it may result in dest-buf overflow.
> 
> This patch is to fix intel compile warning for csky-linux-gcc (GCC) 12.1.0
> compiler.
> 
> The warning reports as below:
> 
> hclge_debugfs.c:92:25: warning: 'strncpy' specified bound depends on
> the length of the source argument [-Wstringop-truncation]
> 
> strncpy(pos, items[i].name, strlen(items[i].name));
> 
> hclge_debugfs.c:90:25: warning: 'strncpy' output truncated before
> terminating nul copying as many bytes from a string as its length
> [-Wstringop-truncation]
> 
> strncpy(pos, result[i], strlen(result[i]));
> 
> strncpy() use src-length as copy-length, it may result in
> dest-buf overflow.
> 
> So,this patch add some values check to avoid this issue.
> 
> ChangeLog:
> v1->v2:
> Use strcpy substitutes for memcpy
> suggested by Simon Horman.

In the next revision, please move the changelog after the '---'
separator below, so that it will no included into the actual commit
message. (Applies to all the patch in the series)

Thanks!

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ