lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240410113614.39b61b0d@gandalf.local.home>
Date: Wed, 10 Apr 2024 11:36:14 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Andrew Lunn <andrew@...n.ch>, Heiner Kallweit <hkallweit1@...il.com>,
 Russell King <linux@...linux.org.uk>, Masami Hiramatsu
 <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Chuck Lever <chuck.lever@...cle.com>, Jeff Layton <jlayton@...nel.org>,
 Neil Brown <neilb@...e.de>, Olga Kornievskaia <kolga@...app.com>, Dai Ngo
 <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
 linux-nfs@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] trace: events: cleanup deprecated strncpy uses

On Mon, 01 Apr 2024 23:48:52 +0000
Justin Stitt <justinstitt@...gle.com> wrote:

> diff --git a/include/trace/events/rpcgss.h b/include/trace/events/rpcgss.h
> index ba2d96a1bc2f..274c297f1b15 100644
> --- a/include/trace/events/rpcgss.h
> +++ b/include/trace/events/rpcgss.h
> @@ -618,7 +618,7 @@ TRACE_EVENT(rpcgss_context,
>  		__entry->timeout = timeout;
>  		__entry->window_size = window_size;
>  		__entry->len = len;
> -		strncpy(__get_str(acceptor), data, len);
> +		memcpy(__get_str(acceptor), data, len);
>  	),
>  
>  	TP_printk("win_size=%u expiry=%lu now=%lu timeout=%u acceptor=%.*s",

WTF, that code is just buggy. Looking at the rpcgss_context event we have:

> TRACE_EVENT(rpcgss_context,
>         TP_PROTO(
>                 u32 window_size,
>                 unsigned long expiry,
>                 unsigned long now,
>                 unsigned int timeout,
>                 unsigned int len,
>                 const u8 *data
>         ),
> 
>         TP_ARGS(window_size, expiry, now, timeout, len, data),
> 
>         TP_STRUCT__entry(
>                 __field(unsigned long, expiry)
>                 __field(unsigned long, now)
>                 __field(unsigned int, timeout)
>                 __field(u32, window_size)
>                 __field(int, len)
>                 __string(acceptor, data)

The __string() macro expects "data" to be a string and does *not* check
length when copying.

If anything, it needs to be:

		__string_len(acceptor, data, len)

as the macro code has changed recently, and the current code will crash!

>         ),
> 
>         TP_fast_assign(
>                 __entry->expiry = expiry;
>                 __entry->now = now;
>                 __entry->timeout = timeout;
>                 __entry->window_size = window_size;
>                 __entry->len = len;
>                 strncpy(__get_str(acceptor), data, len);

Then this needs to be:

		__assign_str(acceptor, data);

Note, the length is now saved via __string_len() and not needed here.

I'll go send a patch to fix this.

-- Steve


>         ),

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ