linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Shuah Khan <skhan@linuxfoundation.org>
To: Romain Perier <romain.perier@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	kernel-hardening@lists.openwall.com,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Valentina Manea <valentina.manea.m@gmail.com>,
	Shuah Khan <shuah@kernel.org>
Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	Shuah Khan <skhan@linuxfoundation.org>
Subject: Re: [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 09:21:50 -0700	[thread overview]
Message-ID: <0323dcb2-726c-7ea2-8e8b-dba81090b571@linuxfoundation.org> (raw)
In-Reply-To: <20210222151231.22572-20-romain.perier@gmail.com>

On 2/22/21 8:12 AM, Romain Perier wrote:
> The strlcpy() reads the entire source buffer first, it is dangerous if
> the source buffer lenght is unbounded or possibility non NULL-terminated.
> It can lead to linear read overflows, crashes, etc...
> 
> As recommended in the deprecated interfaces [1], it should be replaced
> by strscpy.
> 
> This commit replaces all calls to strlcpy that handle the return values
> by the corresponding strscpy calls with new handling of the return
> values (as it is quite different between the two functions).
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> 
> Signed-off-by: Romain Perier <romain.perier@gmail.com>
> ---
>   drivers/usb/usbip/stub_main.c |    6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
> index 77a5b3f8736a..5bc2c09c0d10 100644
> --- a/drivers/usb/usbip/stub_main.c
> +++ b/drivers/usb/usbip/stub_main.c
> @@ -167,15 +167,15 @@ static ssize_t match_busid_show(struct device_driver *drv, char *buf)
>   static ssize_t match_busid_store(struct device_driver *dev, const char *buf,
>   				 size_t count)
>   {
> -	int len;
> +	ssize_t len;
>   	char busid[BUSID_SIZE];
>   
>   	if (count < 5)
>   		return -EINVAL;
>   
>   	/* busid needs to include \0 termination */
> -	len = strlcpy(busid, buf + 4, BUSID_SIZE);
> -	if (sizeof(busid) <= len)
> +	len = strscpy(busid, buf + 4, BUSID_SIZE);
> +	if (len == -E2BIG)
>   		return -EINVAL;
>   
>   	if (!strncmp(buf, "add ", 4)) {
> 


Looks good to me. Thank you.

Acked-by: Shuah Khan <skhan@linuxfoundation.org>

thanks,
-- Shuah

  reply	other threads:[~2021-02-22 16:23 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-22 15:12 [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Romain Perier
2021-02-22 15:12 ` [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values Romain Perier
2021-02-23 16:13   ` Michal Koutný
2021-02-22 15:12 ` [PATCH 02/20] crypto: " Romain Perier
2021-03-04  4:37   ` Herbert Xu
2021-02-22 15:12 ` [PATCH 03/20] devlink: " Romain Perier
2021-02-23  0:56   ` Jakub Kicinski
2021-02-22 15:12 ` [PATCH 04/20] dma-buf: " Romain Perier
2021-02-22 15:12 ` [PATCH 05/20] kobject: " Romain Perier
2021-02-22 15:12 ` [PATCH 06/20] ima: " Romain Perier
2021-03-02 13:29   ` Mimi Zohar
2021-02-22 15:12 ` [PATCH 07/20] SUNRPC: " Romain Perier
2021-03-01 18:25   ` Chuck Lever
2021-02-22 15:12 ` [PATCH 08/20] kernfs: " Romain Perier
2021-02-22 15:12 ` [PATCH 09/20] m68k/atari: " Romain Perier
2021-02-22 15:12 ` [PATCH 10/20] module: " Romain Perier
2021-02-22 15:12 ` [PATCH 11/20] hwmon: " Romain Perier
2021-02-22 15:46   ` Guenter Roeck
2021-02-28 11:50     ` Joe Perches
2021-02-22 15:12 ` [PATCH 12/20] s390/hmcdrv: " Romain Perier
2021-02-22 15:12 ` [PATCH 13/20] scsi: zfcp: " Romain Perier
2021-02-22 16:04   ` Benjamin Block
2021-02-22 15:12 ` [PATCH 14/20] target: " Romain Perier
2021-02-22 16:00   ` Bodo Stroesser
2021-02-22 18:09   ` kernel test robot
2021-02-22 15:12 ` [PATCH 15/20] ALSA: usb-audio: " Romain Perier
2021-02-22 15:39   ` Takashi Iwai
2021-02-22 15:12 ` [PATCH 16/20] tracing/probe: " Romain Perier
2021-02-22 17:49   ` Steven Rostedt
2021-02-22 15:12 ` [PATCH 17/20] vt: " Romain Perier
2021-02-26  9:49   ` Jiri Slaby
2021-02-22 15:12 ` [PATCH 18/20] usb: gadget: f_midi: " Romain Perier
2021-02-22 15:12 ` [PATCH 19/20] usbip: usbip_host: " Romain Perier
2021-02-22 16:21   ` Shuah Khan [this message]
2021-02-28  9:03   ` Sergei Shtylyov
2021-02-22 15:12 ` [PATCH 20/20] s390/watchdog: " Romain Perier
2021-02-22 15:55   ` Guenter Roeck
2021-02-22 16:36 ` [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0323dcb2-726c-7ea2-8e8b-dba81090b571@linuxfoundation.org \
    --to=skhan@linuxfoundation.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=romain.perier@gmail.com \
    --cc=shuah@kernel.org \
    --cc=valentina.manea.m@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).