Thread (6 messages) 6 messages, 4 authors, 2021-07-31

Re: [PATCH] drivers/soc: Remove all strcpy() uses in favor of strscpy()

From: Robin Murphy <robin.murphy@arm.com>
Date: 2021-07-28 09:36:20
Also in: linux-arm-msm, linux-hardening, linux-renesas-soc, lkml

On 2021-07-28 09:36, David Laight wrote:
From: Geert Uytterhoeven
quoted
Sent: 26 July 2021 09:03

Hi Len,

On Sun, Jul 25, 2021 at 5:15 PM Len Baker [off-list ref] wrote:
quoted
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

Signed-off-by: Len Baker <redacted>
Thanks for your patch!
quoted
---
This is a task of the KSPP [1]

[1] https://github.com/KSPP/linux/issues/88
Any chance the almost one year old question in that ticket can be
answered?
quoted
  drivers/soc/renesas/rcar-sysc.c     |  6 ++++--
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

But please see my comments below...
quoted
--- a/drivers/soc/renesas/r8a779a0-sysc.c
+++ b/drivers/soc/renesas/r8a779a0-sysc.c
@@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void)
         for (i = 0; i < info->num_areas; i++) {
                 const struct r8a779a0_sysc_area *area = &info->areas[i];
                 struct r8a779a0_sysc_pd *pd;
+               size_t area_name_size;
I wouldn't mind a shorter name, like "n".
quoted
                 if (!area->name) {
                         /* Skip NULLified area */
                         continue;
                 }

-               pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
+               area_name_size = strlen(area->name) + 1;
+               pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL);
                 if (!pd) {
                         error = -ENOMEM;
                         goto out_put;
                 }

-               strcpy(pd->name, area->name);
+               strscpy(pd->name, area->name, area_name_size);
You can just use memcpy().
Indeed. In fact I'd go as far as saying that it might be worth teaching 
static checkers to recognise patterns that boil down to strscpy(dst, 
src, strlen(src) + 1) and flag them as suspect, because AFAICS that 
would always represent either an unnecessarily elaborate memcpy(), or 
far worse just an obfuscated strcpy().

Robin.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help