[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c296eb89-32e2-0866-34f1-0bdd00d80f82@gmail.com>
Date: Mon, 22 Feb 2021 17:00:30 +0100
From: Bodo Stroesser <bostroesser@...il.com>
To: Romain Perier <romain.perier@...il.com>, Kees Cook
<keescook@...omium.org>, kernel-hardening@...ts.openwall.com,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: linux-scsi@...r.kernel.org, target-devel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 14/20] target: Manual replacement of the deprecated
strlcpy() with return values
On 22.02.21 16:12, Romain Perier wrote:
> The strlcpy() reads the entire source buffer first, it is dangerous if
> the source buffer lenght is unbounded or possibility non NULL-terminated.
> It can lead to linear read overflows, crashes, etc...
>
> As recommended in the deprecated interfaces [1], it should be replaced
> by strscpy.
>
> This commit replaces all calls to strlcpy that handle the return values
> by the corresponding strscpy calls with new handling of the return
> values (as it is quite different between the two functions).
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
>
> Signed-off-by: Romain Perier <romain.perier@...il.com>
> ---
> drivers/target/target_core_configfs.c | 33 +++++++++------------------------
> 1 file changed, 9 insertions(+), 24 deletions(-)
>
> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> index f04352285155..676215cd8847 100644
> --- a/drivers/target/target_core_configfs.c
> +++ b/drivers/target/target_core_configfs.c
> @@ -1325,16 +1325,11 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_VENDOR_LEN + 2];
> char *stripped = NULL;
> - size_t len;
> + ssize_t len;
> ssize_t ret;
>
> - len = strlcpy(buf, page, sizeof(buf));
> - if (len < sizeof(buf)) {
> - /* Strip any newline added from userspace. */
> - stripped = strstrip(buf);
> - len = strlen(stripped);
> - }
> - if (len > INQUIRY_VENDOR_LEN) {
> + len = strscpy(buf, page, sizeof(buf));
> + if (len == -E2BIG) {
> pr_err("Emulated T10 Vendor Identification exceeds"
> " INQUIRY_VENDOR_LEN: " __stringify(INQUIRY_VENDOR_LEN)
> "\n");
> @@ -1381,16 +1376,11 @@ static ssize_t target_wwn_product_id_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_MODEL_LEN + 2];
> char *stripped = NULL;
> - size_t len;
> + ssize_t len;
> ssize_t ret;
>
> - len = strlcpy(buf, page, sizeof(buf));
> - if (len < sizeof(buf)) {
> - /* Strip any newline added from userspace. */
> - stripped = strstrip(buf);
> - len = strlen(stripped);
> - }
> - if (len > INQUIRY_MODEL_LEN) {
> + len = strscpy(buf, page, sizeof(buf));
> + if (len == -E2BIG) {
> pr_err("Emulated T10 Vendor exceeds INQUIRY_MODEL_LEN: "
> __stringify(INQUIRY_MODEL_LEN)
> "\n");
> @@ -1437,16 +1427,11 @@ static ssize_t target_wwn_revision_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_REVISION_LEN + 2];
> char *stripped = NULL;
> - size_t len;
> + ssize_t len;
> ssize_t ret;
>
> - len = strlcpy(buf, page, sizeof(buf));
> - if (len < sizeof(buf)) {
> - /* Strip any newline added from userspace. */
> - stripped = strstrip(buf);
> - len = strlen(stripped);
> - }
> - if (len > INQUIRY_REVISION_LEN) {
> + len = strscpy(buf, page, sizeof(buf));
> + if (len == -E2BIG) {
> pr_err("Emulated T10 Revision exceeds INQUIRY_REVISION_LEN: "
> __stringify(INQUIRY_REVISION_LEN)
> "\n");
>
AFAICS, you are not only replacing strlcpy with strscpy, but also remove
stripping of possible trailing '\n', and remove the necessary length
check of the remaining string.
-Bodo
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
