* [PATCH] strscpy: reject buffer sizes larger than INT_MAX
@ 2019-07-26 16:31 Kees Cook
0 siblings, 0 replies; only message in thread
From: Kees Cook @ 2019-07-26 16:31 UTC (permalink / raw)
To: Andrew Morton
Cc: Joe Perches, Linus Torvalds, Rasmus Villemoes, Yann Droneaud,
David Laight, Jonathan Corbet, Stephen Kitt, Nitin Gote, jannh,
kernel-hardening, linux-kernel
As already done for snprintf(), add a check in strscpy() for giant
(i.e. likely negative and/or miscalculated) copy sizes, WARN, and
error out.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
lib/string.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/string.c b/lib/string.c
index 461fb620f85f..913cb945a82a 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -182,7 +182,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
size_t max = count;
long res = 0;
- if (count == 0)
+ if (count == 0 || WARN_ON_ONCE(count > INT_MAX))
return -E2BIG;
#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
--
2.17.1
--
Kees Cook
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-07-26 16:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-26 16:31 [PATCH] strscpy: reject buffer sizes larger than INT_MAX Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).