* [PATCH net-next] pktgen: convert safe uses of strncpy() to strcpy() to avoid string truncation warning
@ 2018-07-17 21:32 Jakub Kicinski
2018-07-18 22:24 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Jakub Kicinski @ 2018-07-17 21:32 UTC (permalink / raw)
To: davem; +Cc: oss-drivers, netdev, Jakub Kicinski
GCC 8 complains:
net/core/pktgen.c: In function ‘pktgen_if_write’:
net/core/pktgen.c:1419:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->src_max, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1399:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->src_min, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1290:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->dst_max, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1268:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->dst_min, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is no bug here, but the code is not perfect either. It copies
sizeof(pkt_dev->/member/) - 1 from user space into buf, and then does
a strcmp(pkt_dev->/member/, buf) hence assuming buf will be null-terminated
and shorter than pkt_dev->/member/ (pkt_dev->/member/ is never
explicitly null-terminated, and strncpy() doesn't have to null-terminate
so the assumption must be on buf). The use of strncpy() without explicit
null-termination looks suspicious. Convert to use straight strcpy().
strncpy() would also null-pad the output, but that's clearly unnecessary
since the author calls memset(pkt_dev->/member/, 0, sizeof(..)); prior
to strncpy(), anyway.
While at it format the code for "dst_min", "dst_max", "src_min" and
"src_max" in the same way by removing extra new lines in one case.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
---
net/core/pktgen.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 49368e21d228..308ed04984de 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -1265,7 +1265,7 @@ static ssize_t pktgen_if_write(struct file *file,
buf[len] = 0;
if (strcmp(buf, pkt_dev->dst_min) != 0) {
memset(pkt_dev->dst_min, 0, sizeof(pkt_dev->dst_min));
- strncpy(pkt_dev->dst_min, buf, len);
+ strcpy(pkt_dev->dst_min, buf);
pkt_dev->daddr_min = in_aton(pkt_dev->dst_min);
pkt_dev->cur_daddr = pkt_dev->daddr_min;
}
@@ -1280,14 +1280,12 @@ static ssize_t pktgen_if_write(struct file *file,
if (len < 0)
return len;
-
if (copy_from_user(buf, &user_buffer[i], len))
return -EFAULT;
-
buf[len] = 0;
if (strcmp(buf, pkt_dev->dst_max) != 0) {
memset(pkt_dev->dst_max, 0, sizeof(pkt_dev->dst_max));
- strncpy(pkt_dev->dst_max, buf, len);
+ strcpy(pkt_dev->dst_max, buf);
pkt_dev->daddr_max = in_aton(pkt_dev->dst_max);
pkt_dev->cur_daddr = pkt_dev->daddr_max;
}
@@ -1396,7 +1394,7 @@ static ssize_t pktgen_if_write(struct file *file,
buf[len] = 0;
if (strcmp(buf, pkt_dev->src_min) != 0) {
memset(pkt_dev->src_min, 0, sizeof(pkt_dev->src_min));
- strncpy(pkt_dev->src_min, buf, len);
+ strcpy(pkt_dev->src_min, buf);
pkt_dev->saddr_min = in_aton(pkt_dev->src_min);
pkt_dev->cur_saddr = pkt_dev->saddr_min;
}
@@ -1416,7 +1414,7 @@ static ssize_t pktgen_if_write(struct file *file,
buf[len] = 0;
if (strcmp(buf, pkt_dev->src_max) != 0) {
memset(pkt_dev->src_max, 0, sizeof(pkt_dev->src_max));
- strncpy(pkt_dev->src_max, buf, len);
+ strcpy(pkt_dev->src_max, buf);
pkt_dev->saddr_max = in_aton(pkt_dev->src_max);
pkt_dev->cur_saddr = pkt_dev->saddr_max;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] pktgen: convert safe uses of strncpy() to strcpy() to avoid string truncation warning
2018-07-17 21:32 [PATCH net-next] pktgen: convert safe uses of strncpy() to strcpy() to avoid string truncation warning Jakub Kicinski
@ 2018-07-18 22:24 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-07-18 22:24 UTC (permalink / raw)
To: jakub.kicinski; +Cc: oss-drivers, netdev
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Tue, 17 Jul 2018 14:32:24 -0700
> GCC 8 complains:
>
> net/core/pktgen.c: In function ‘pktgen_if_write’:
> net/core/pktgen.c:1419:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
> strncpy(pkt_dev->src_max, buf, len);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> net/core/pktgen.c:1399:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
> strncpy(pkt_dev->src_min, buf, len);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> net/core/pktgen.c:1290:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
> strncpy(pkt_dev->dst_max, buf, len);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> net/core/pktgen.c:1268:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
> strncpy(pkt_dev->dst_min, buf, len);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> There is no bug here, but the code is not perfect either. It copies
> sizeof(pkt_dev->/member/) - 1 from user space into buf, and then does
> a strcmp(pkt_dev->/member/, buf) hence assuming buf will be null-terminated
> and shorter than pkt_dev->/member/ (pkt_dev->/member/ is never
> explicitly null-terminated, and strncpy() doesn't have to null-terminate
> so the assumption must be on buf). The use of strncpy() without explicit
> null-termination looks suspicious. Convert to use straight strcpy().
>
> strncpy() would also null-pad the output, but that's clearly unnecessary
> since the author calls memset(pkt_dev->/member/, 0, sizeof(..)); prior
> to strncpy(), anyway.
>
> While at it format the code for "dst_min", "dst_max", "src_min" and
> "src_max" in the same way by removing extra new lines in one case.
>
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
> Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
Applied, thanks Jakub.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-18 23:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-17 21:32 [PATCH net-next] pktgen: convert safe uses of strncpy() to strcpy() to avoid string truncation warning Jakub Kicinski
2018-07-18 22:24 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).