Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <b9bb5550b264d4b29b2b20f7ff8b1b40d20def6a.camel@perches.com>
Date: Mon, 22 Jul 2019 10:43:50 -0700
From: Joe Perches <joe@...ches.com>
To: Kees Cook <keescook@...omium.org>
Cc: Nitin Gote <nitin.r.gote@...el.com>, akpm@...ux-foundation.org, 
	corbet@....net, apw@...onical.com, linux-doc@...r.kernel.org, 
	linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Rasmus
	Villemoes <rasmus.villemoes@...vas.dk>
Subject: Re: [RFC PATCH] string.h: Add stracpy/stracpy_pad (was: Re: [PATCH]
 checkpatch: Added warnings in favor of strscpy().)

On Mon, 2019-07-22 at 10:33 -0700, Kees Cook wrote:
> On Thu, Jul 04, 2019 at 05:15:57PM -0700, Joe Perches wrote:
> > On Thu, 2019-07-04 at 13:46 -0700, Joe Perches wrote:
> > > On Thu, 2019-07-04 at 11:24 +0530, Nitin Gote wrote:
> > > > Added warnings in checkpatch.pl script to :
> > > > 
> > > > 1. Deprecate strcpy() in favor of strscpy().
> > > > 2. Deprecate strlcpy() in favor of strscpy().
> > > > 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad().
> > > > 
> > > > Updated strncpy() section in Documentation/process/deprecated.rst
> > > > to cover strscpy_pad() case.
> > 
> > []
> > 
> > I sent a patch series for some strscpy/strlcpy misuses.
> > 
> > How about adding a macro helper to avoid the misuses like:
> > ---
> >  include/linux/string.h | 16 ++++++++++++++++
> >  1 file changed, 16 insertions(+)
> > 
> > diff --git a/include/linux/string.h b/include/linux/string.h
> > index 4deb11f7976b..ef01bd6f19df 100644
> > --- a/include/linux/string.h
> > +++ b/include/linux/string.h
> > @@ -35,6 +35,22 @@ ssize_t strscpy(char *, const char *, size_t);
> >  /* Wraps calls to strscpy()/memset(), no arch specific code required */
> >  ssize_t strscpy_pad(char *dest, const char *src, size_t count);
> >  
> > +#define stracpy(to, from)					\
> > +({								\
> > +	size_t size = ARRAY_SIZE(to);				\
> > +	BUILD_BUG_ON(!__same_type(typeof(*to), char));		\
> > +								\
> > +	strscpy(to, from, size);				\
> > +})
> > +
> > +#define stracpy_pad(to, from)					\
> > +({								\
> > +	size_t size = ARRAY_SIZE(to);				\
> > +	BUILD_BUG_ON(!__same_type(typeof(*to), char));		\
> > +								\
> > +	strscpy_pad(to, from, size);				\
> > +})
> > +
> >  #ifndef __HAVE_ARCH_STRCAT
> >  extern char * strcat(char *, const char *);
> >  #endif
> 
> This seems like a reasonable addition, yes. I think Coccinelle might
> actually be able to find all the existing strscpy(dst, src, sizeof(dst))
> cases to jump-start this conversion.

I did that.  It works.  It's a lot of conversions.

$ cat str.cpy.cocci
@@
expression e1;
expression e2;
@@

- strscpy(e1, e2, sizeof(e1))
+ stracpy(e1, e2)

@@
expression e1;
expression e2;
@@

- strlcpy(e1, e2, sizeof(e1))
+ stracpy(e1, e2)

> Devil's advocate: this adds yet more string handling functions... will
> this cause even more confusion?

Documentation is good.
Actual in-kernel use and examples better.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.