kernel-hardening.lists.openwall.com archive mirror
 help / color / mirror / Atom feed
From: "Tobin C. Harding" <tobin@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: "Tobin C. Harding" <tobin@kernel.org>,
	Shuah Khan <shuah@kernel.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	kernel-hardening@lists.openwall.com,
	linux-kernel@vger.kernel.org
Subject: [PATCH 5/6] lib: Fix function documentation for strncpy_from_user
Date: Tue, 19 Feb 2019 10:23:07 +1100	[thread overview]
Message-ID: <20190218232308.11241-6-tobin@kernel.org> (raw)
In-Reply-To: <20190218232308.11241-1-tobin@kernel.org>

Current function documentation for strncpy_from_user() is incorrect.  If
@count (size of destination buffer) is less than the length of the user
string the function does _not_ return @count but rather returns -EFAULT.

Document correctly the function return value, also add note that string
may be left non-null terminated.

Signed-off-by: Tobin C. Harding <tobin@kernel.org>
---
 lib/strncpy_from_user.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 58eacd41526c..11fe9a4a00fd 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -82,22 +82,19 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long
 }
 
 /**
- * strncpy_from_user: - Copy a NUL terminated string from userspace.
+ * strncpy_from_user() - Copy a NUL terminated string from userspace.
  * @dst:   Destination address, in kernel space.  This buffer must be at
  *         least @count bytes long.
  * @src:   Source address, in user space.
- * @count: Maximum number of bytes to copy, including the trailing NUL.
+ * @count: Maximum number of bytes to copy, including the trailing %NUL.
  *
  * Copies a NUL-terminated string from userspace to kernel space.
  *
- * On success, returns the length of the string (not including the trailing
- * NUL).
- *
- * If access to userspace fails, returns -EFAULT (some data may have been
- * copied).
- *
- * If @count is smaller than the length of the string, copies @count bytes
- * and returns @count.
+ * Return: If access to userspace fails, returns -EFAULT.  Otherwise,
+ *         return the number of characters copied excluding the trailing
+ *         %NUL, if the length of the user string exceeds @count return
+ *         -EFAULT (in which case @dst will be left without a %NUL
+ *         terminator).
  */
 long strncpy_from_user(char *dst, const char __user *src, long count)
 {
-- 
2.20.1

  parent reply	other threads:[~2019-02-18 23:23 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-18 23:23 [PATCH 0/6] lib: Add safe string funtions Tobin C. Harding
2019-02-18 23:23 ` [PATCH 1/6] lib/string: Enable string selftesting Tobin C. Harding
2019-02-19 10:55   ` Andy Shevchenko
2019-02-19 21:55     ` Tobin C. Harding
2019-02-20 10:49       ` Andy Shevchenko
2019-02-20 23:58       ` Kees Cook
2019-02-20 23:57   ` Kees Cook
2019-02-21  5:16     ` Tobin C. Harding
2019-02-18 23:23 ` [PATCH 2/6] lib/string: Fix erroneous 'overflow' documentation Tobin C. Harding
2019-02-21  0:02   ` Kees Cook
2019-02-21  5:17     ` Tobin C. Harding
2019-02-18 23:23 ` [PATCH 3/6] lib/string: Use correct docstring format Tobin C. Harding
2019-02-21  0:07   ` Kees Cook
2019-02-21  4:14     ` Randy Dunlap
2019-02-21  5:27       ` Kees Cook
2019-02-18 23:23 ` [PATCH 4/6] lib/string: Add string copy/zero function Tobin C. Harding
2019-02-21  0:48   ` Kees Cook
2019-02-21  5:20     ` Tobin C. Harding
2019-02-21 12:02     ` Andy Shevchenko
2019-02-25 20:09     ` Tobin C. Harding
2019-02-18 23:23 ` Tobin C. Harding [this message]
2019-02-19  0:51   ` [PATCH 5/6] lib: Fix function documentation for strncpy_from_user Jann Horn
2019-02-19 21:52     ` Tobin C. Harding
2019-02-21  1:05     ` Kees Cook
2019-02-21  5:24       ` Tobin C. Harding
2019-02-21  6:02         ` Kees Cook
2019-02-21 14:58           ` Rasmus Villemoes
2019-02-21 23:03             ` Kees Cook
2019-02-25 15:41               ` Rasmus Villemoes
2019-02-21 16:06           ` Jann Horn
2019-02-21 23:14             ` Kees Cook
2019-02-21 20:26           ` Stephen Rothwell
2019-02-21 23:16             ` Kees Cook
2019-02-21 14:28       ` Jann Horn
2019-02-21 22:52         ` Kees Cook
2019-02-18 23:23 ` [PATCH 6/6] lib: Add function strscpy_from_user() Tobin C. Harding
2019-02-19  2:09   ` Jann Horn
2019-02-19  2:12   ` Jann Horn
2019-02-19 21:53     ` Tobin C. Harding
2019-02-20 23:31 ` [PATCH 0/6] lib: Add safe string funtions Kees Cook
2019-02-21  5:15   ` Tobin C. Harding

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190218232308.11241-6-tobin@kernel.org \
    --to=tobin@kernel.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=shuah@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).