From: Kees Cook <keescook@chromium.org>
To: Joe Perches <joe@perches.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>,
Stephen Kitt <steve@sk2.org>, Nitin Gote <nitin.r.gote@intel.com>,
jannh@google.com, kernel-hardening@lists.openwall.com,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms
Date: Tue, 23 Jul 2019 14:36:25 -0700 [thread overview]
Message-ID: <201907231435.FABB1CC@keescook> (raw)
In-Reply-To: <7ab8957eaf9b0931a59eff6e2bd8c5169f2f6c41.1563841972.git.joe@perches.com>
On Mon, Jul 22, 2019 at 05:38:15PM -0700, Joe Perches wrote:
> Several uses of strlcpy and strscpy have had defects because the
> last argument of each function is misused or typoed.
>
> Add macro mechanisms to avoid this defect.
>
> stracpy (copy a string to a string array) must have a string
> array as the first argument (to) and uses sizeof(to) as the
> size.
>
> These mechanisms verify that the to argument is an array of
> char or other compatible types like u8 or unsigned char.
>
> A BUILD_BUG is emitted when the type of to is not compatible.
>
> Signed-off-by: Joe Perches <joe@perches.com>
I think Rasmus's suggestion would make sense:
BUILD_BUG_ON(!__same_type(typeof(to), char[]))
Either way, I think it should be fine:
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> include/linux/string.h | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/include/linux/string.h b/include/linux/string.h
> index 4deb11f7976b..f80b0973f0e5 100644
> --- a/include/linux/string.h
> +++ b/include/linux/string.h
> @@ -35,6 +35,47 @@ ssize_t strscpy(char *, const char *, size_t);
> /* Wraps calls to strscpy()/memset(), no arch specific code required */
> ssize_t strscpy_pad(char *dest, const char *src, size_t count);
>
> +/**
> + * stracpy - Copy a C-string into an array of char
> + * @to: Where to copy the string, must be an array of char and not a pointer
> + * @from: String to copy, may be a pointer or const char array
> + *
> + * Helper for strscpy.
> + * Copies a maximum of sizeof(@to) bytes of @from with %NUL termination.
> + *
> + * Returns:
> + * * The number of characters copied (not including the trailing %NUL)
> + * * -E2BIG if @to is a zero size array.
> + */
> +#define stracpy(to, from) \
> +({ \
> + size_t size = ARRAY_SIZE(to); \
> + BUILD_BUG_ON(!__same_type(typeof(*to), char)); \
> + \
> + strscpy(to, from, size); \
> +})
> +
> +/**
> + * stracpy_pad - Copy a C-string into an array of char with %NUL padding
> + * @to: Where to copy the string, must be an array of char and not a pointer
> + * @from: String to copy, may be a pointer or const char array
> + *
> + * Helper for strscpy_pad.
> + * Copies a maximum of sizeof(@to) bytes of @from with %NUL termination
> + * and zero-pads the remaining size of @to
> + *
> + * Returns:
> + * * The number of characters copied (not including the trailing %NUL)
> + * * -E2BIG if @to is a zero size array.
> + */
> +#define stracpy_pad(to, from) \
> +({ \
> + size_t size = ARRAY_SIZE(to); \
> + BUILD_BUG_ON(!__same_type(typeof(*to), char)); \
> + \
> + strscpy_pad(to, from, size); \
> +})
> +
> #ifndef __HAVE_ARCH_STRCAT
> extern char * strcat(char *, const char *);
> #endif
> --
> 2.15.0
>
--
Kees Cook
next prev parent reply other threads:[~2019-07-23 21:36 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-23 0:38 [PATCH 0/2] string: Add stracpy and stracpy_pad Joe Perches
2019-07-23 0:38 ` [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms Joe Perches
2019-07-23 0:46 ` [Cocci] [Fwd: [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms] Joe Perches
2019-07-23 20:52 ` Julia Lawall
2019-07-23 20:52 ` [Cocci] " Julia Lawall
2019-07-23 23:42 ` Joe Perches
2019-07-23 23:42 ` [Cocci] " Joe Perches
2019-07-24 3:54 ` Julia Lawall
2019-07-24 3:54 ` [Cocci] " Julia Lawall
2019-07-24 4:19 ` Joe Perches
2019-07-24 4:19 ` [Cocci] " Joe Perches
2019-07-24 4:27 ` Julia Lawall
2019-07-24 4:27 ` [Cocci] " Julia Lawall
2019-07-24 4:37 ` Joe Perches
2019-07-24 4:37 ` [Cocci] " Joe Perches
2019-07-24 10:28 ` David Laight
2019-07-24 10:28 ` [Cocci] " David Laight
2019-07-24 10:43 ` Joe Perches
2019-07-24 10:43 ` [Cocci] " Joe Perches
2019-07-24 11:45 ` Julia Lawall
2019-07-24 11:45 ` [Cocci] " Julia Lawall
2019-07-25 1:42 ` Julia Lawall
2019-07-25 1:42 ` [Cocci] " Julia Lawall
2019-07-25 7:46 ` [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms Markus Elfring
2019-07-25 7:46 ` [Cocci] " Markus Elfring
2019-07-25 7:46 ` Markus Elfring
2019-07-25 11:34 ` Julia Lawall
2019-07-25 11:34 ` [Cocci] " Julia Lawall
2019-07-25 11:34 ` Julia Lawall
2019-07-25 12:40 ` [1/2] " Markus Elfring
2019-07-25 12:40 ` [Cocci] " Markus Elfring
2019-07-25 12:40 ` Markus Elfring
2019-07-25 13:45 ` [PATCH 1/2] " Markus Elfring
2019-07-25 13:45 ` [Cocci] " Markus Elfring
2019-07-25 13:45 ` Markus Elfring
2019-07-25 13:48 ` Julia Lawall
2019-07-25 13:48 ` [Cocci] " Julia Lawall
2019-07-25 13:48 ` Julia Lawall
2019-07-25 14:48 ` [1/2] " Markus Elfring
2019-07-25 14:48 ` [Cocci] " Markus Elfring
2019-07-25 14:48 ` Markus Elfring
2019-07-25 13:50 ` [Fwd: [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms] Joe Perches
2019-07-25 13:50 ` [Cocci] " Joe Perches
2019-07-25 13:58 ` Julia Lawall
2019-07-25 13:58 ` [Cocci] " Julia Lawall
2019-07-25 14:12 ` Joe Perches
2019-07-25 14:12 ` [Cocci] " Joe Perches
2019-07-25 22:51 ` Julia Lawall
2019-07-25 22:51 ` [Cocci] " Julia Lawall
2019-07-26 6:15 ` [1/2] string: Add stracpy and stracpy_pad mechanisms Markus Elfring
2019-07-26 6:15 ` [Cocci] " Markus Elfring
2019-07-26 6:15 ` Markus Elfring
2019-07-29 14:07 ` [Fwd: [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms] Julia Lawall
2019-07-29 14:07 ` [Cocci] " Julia Lawall
2019-07-29 16:28 ` Joe Perches
2019-07-29 16:28 ` [Cocci] " Joe Perches
2019-07-23 4:35 ` [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms Andrew Morton
2019-07-23 4:42 ` Joe Perches
2019-07-23 4:42 ` Joe Perches
2019-07-23 21:29 ` Kees Cook
2019-07-23 6:55 ` Rasmus Villemoes
2019-07-23 15:41 ` David Laight
2019-07-23 15:41 ` David Laight
2019-07-23 15:50 ` Joe Perches
2019-07-23 15:50 ` Joe Perches
2019-07-23 21:34 ` Kees Cook
2019-07-23 21:34 ` Kees Cook
2019-07-24 12:05 ` Yann Droneaud
2019-07-24 12:05 ` Yann Droneaud
2019-07-24 13:09 ` Rasmus Villemoes
2019-07-24 13:09 ` Rasmus Villemoes
2019-07-24 17:08 ` Linus Torvalds
2019-07-24 17:08 ` Linus Torvalds
2019-07-25 20:03 ` Kees Cook
2019-07-25 20:03 ` Kees Cook
2019-07-26 2:46 ` Joe Perches
2019-07-26 2:46 ` Joe Perches
2019-07-23 21:36 ` Kees Cook [this message]
2019-07-24 11:40 ` Joe Perches
2019-07-24 11:40 ` Joe Perches
2019-07-23 0:38 ` [PATCH 2/2] kernel-doc: core-api: Include string.h into core-api Joe Perches
2019-07-23 21:28 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201907231435.FABB1CC@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=jannh@google.com \
--cc=joe@perches.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nitin.r.gote@intel.com \
--cc=rasmus.villemoes@prevas.dk \
--cc=steve@sk2.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.