| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Aug 2023 15:45:50 +0800 From: Jijie Shao <shaojijie@...wei.com> To: Leon Romanovsky <leon@...nel.org> CC: <shaojijie@...wei.com>, <yisen.zhuang@...wei.com>, <salil.mehta@...wei.com>, <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>, <pabeni@...hat.com>, <shenjian15@...wei.com>, <wangjie125@...wei.com>, <liuyonglong@...wei.com>, <chenhao418@...wei.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <stable@...r.kernel.org> Subject: Re: [PATCH net] net: hns3: fix strscpy causing content truncation issue on 2023/8/9 15:03, Leon Romanovsky wrote: > On Wed, Aug 09, 2023 at 10:09:02AM +0800, Jijie Shao wrote: >> From: Hao Chen <chenhao418@...wei.com> >> >> hns3_dbg_fill_content()/hclge_dbg_fill_content() is aim to integrate some >> items to a string for content, and we add '\n' and '\0' in the last >> two bytes of content. >> >> strscpy() will add '\0' in the last byte of destination buffer(one of >> items), it result in finishing content print ahead of schedule and some >> dump content truncation. >> >> One Error log shows as below: >> cat mac_list/uc >> UC MAC_LIST: >> >> Expected: >> UC MAC_LIST: >> FUNC_ID MAC_ADDR STATE >> pf 00:2b:19:05:03:00 ACTIVE >> >> The destination buffer is length-bounded and not required to be >> NUL-terminated, so just change strscpy() to memcpy() to fix it. > I think that you should change to strtomem() and not use plain memcpy(). > > Thanks Hi: We tried to replace memcpy with strtomem, but errors was reported during compilation: /kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c: In function ‘hclge_dbg_fill_content.part.0’: /kernel/include/linux/compiler_types.h:397:38: error: call to ‘__compiletime_assert_519’ declared with attribute error: BUILD_BUG_ON failed: !__builtin_constant_p(_dest_len) || _dest_len == (size_t)-1 397 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ /kernel/include/linux/compiler_types.h:378:4: note: in definition of macro ‘__compiletime_assert’ 378 | prefix ## suffix(); \ | ^~~~~~ /kernel/include/linux/compiler_types.h:397:2: note: in expansion of macro ‘_compiletime_assert’ 397 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ /kernel/include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ /kernel/include/linux/build_bug.h:50:2: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 50 | BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition) | ^~~~~~~~~~~~~~~~ /kernel/include/linux/string.h:302:2: note: in expansion of macro ‘BUILD_BUG_ON’ 302 | BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \ | ^~~~~~~~~~~~ /kernel/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c:115:4: note: in expansion of macro ‘strtomem’ 115 | strtomem(pos, result[i]); | ^~~~~~~~ In the strtomem macro, __builtin_object_size is used to calculate the _dest_len. We tried to print the _dest_len directly, and the result was -1. How can we solve this? Regards Jijie Shao
Powered by blists - more mailing lists