From: Dan Carpenter <dan.carpenter@linaro.org>
To: Arnd Bergmann <arnd@kernel.org>, Alex Elder <elder@kernel.org>
Cc: linux-kernel@vger.kernel.org, Viresh Kumar <vireshk@kernel.org>,
Johan Hovold <johan@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
greybus-dev@lists.linaro.org, linux-staging@lists.linux.dev
Subject: Re: [PATCH 10/11] staging: greybus: change strncpy() to strscpy()
Date: Tue, 9 Apr 2024 10:09:21 +0300 [thread overview]
Message-ID: <3bdbb7aa-d9b4-40ec-836b-ae5978cda9e0@moroto.mountain> (raw)
In-Reply-To: <1622d9ff-feed-4a12-9d8d-3f00088c9edf@app.fastmail.com>
On Mon, Apr 08, 2024 at 08:26:00PM +0200, Arnd Bergmann wrote:
> On Thu, Mar 28, 2024, at 16:00, Dan Carpenter wrote:
> > On Thu, Mar 28, 2024 at 03:04:54PM +0100, Arnd Bergmann wrote:
> >> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> >> ---
> >> This is from randconfig testing with random gcc versions, a .config to
> >> reproduce is at https://pastebin.com/r13yezkU
> >> ---
> >> drivers/staging/greybus/fw-management.c | 4 ++--
> >> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/staging/greybus/fw-management.c b/drivers/staging/greybus/fw-management.c
> >> index 3054f084d777..35bfdd5f32d2 100644
> >> --- a/drivers/staging/greybus/fw-management.c
> >> +++ b/drivers/staging/greybus/fw-management.c
> >> @@ -303,13 +303,13 @@ static int fw_mgmt_backend_fw_update_operation(struct fw_mgmt *fw_mgmt,
> >> struct gb_fw_mgmt_backend_fw_update_request request;
> >> int ret;
> >>
> >> - strncpy(request.firmware_tag, tag, GB_FIRMWARE_TAG_MAX_SIZE);
> >> + ret = strscpy(request.firmware_tag, tag, GB_FIRMWARE_TAG_MAX_SIZE);
> >
> > This needs to be strscpy_pad() or it risks an information leak.
>
> Right, I think I misread the code thinking that the strncpy()
> destination was user provided, but I see now that this copy is
> from user-provided data into the stack, so the padding is indeed
> stale stack data.
>
> I could not find out whether this gets copied back to userspace,
> but adding the padding is safer indeed.
>
Grey bus is a bus, I'm not sure what's on the other end of the bus but
I think we've generally said that the data needs to be zeroed...
Although if that is true, why didn't I make this a Smatch warning?
regards,
dan carpenter
next prev parent reply other threads:[~2024-04-09 7:09 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-28 14:04 [PATCH 00/11] address remaining stringop-truncation warnings Arnd Bergmann
2024-03-28 14:04 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 01/11] staging: vc04_services: changen strncpy() to strscpy_pad() Arnd Bergmann
2024-03-28 14:04 ` Arnd Bergmann
2024-03-28 14:42 ` Dan Carpenter
2024-03-28 14:42 ` Dan Carpenter
2024-03-28 16:15 ` Arnd Bergmann
2024-03-28 16:15 ` Arnd Bergmann
2024-03-28 23:10 ` Justin Stitt
2024-03-28 23:10 ` Justin Stitt
2024-03-28 14:04 ` [PATCH 02/11] scsi: devinfo: rework scsi_strcpy_devinfo() Arnd Bergmann
2024-03-28 16:46 ` Bart Van Assche
2024-03-28 23:14 ` Justin Stitt
2024-03-28 23:18 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 03/11] staging: replace weird strncpy() with memcpy() Arnd Bergmann
2024-03-28 16:35 ` Dan Carpenter
2024-04-08 14:45 ` Arnd Bergmann
2024-04-08 15:59 ` Dan Carpenter
2024-04-08 19:20 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 04/11] orangefs: convert strncpy() to strscpy() Arnd Bergmann
2024-03-28 23:17 ` Justin Stitt
2024-03-28 14:04 ` [PATCH 05/11] test_hexdump: avoid string truncation warning Arnd Bergmann
2024-03-28 23:54 ` Justin Stitt
2024-04-08 15:38 ` Arnd Bergmann
2024-04-08 19:53 ` Justin Stitt
2024-03-28 14:04 ` [PATCH 06/11] acpi: avoid warning for truncated string copy Arnd Bergmann
2024-03-28 23:20 ` Justin Stitt
2024-04-08 14:41 ` Rafael J. Wysocki
2024-03-28 14:04 ` [PATCH 07/11] block/partitions/ldm: convert strncpy() to strscpy() Arnd Bergmann
2024-03-28 23:24 ` Justin Stitt
2024-03-28 14:04 ` [PATCH 08/11] blktrace: convert strncpy() to strscpy_pad() Arnd Bergmann
2024-03-28 14:14 ` Steven Rostedt
2024-04-08 18:05 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 09/11] staging: rtl8723bs: convert strncpy to strscpy Arnd Bergmann
2024-03-28 23:01 ` Justin Stitt
2024-04-08 18:15 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 10/11] staging: greybus: change strncpy() to strscpy() Arnd Bergmann
2024-03-28 15:00 ` Dan Carpenter
2024-04-08 18:26 ` Arnd Bergmann
2024-04-09 7:09 ` Dan Carpenter [this message]
2024-03-28 23:28 ` Justin Stitt
2024-04-08 18:30 ` Arnd Bergmann
2024-03-28 14:04 ` [PATCH 11/11] kbuild: enable -Wstringop-truncation globally Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3bdbb7aa-d9b4-40ec-836b-ae5978cda9e0@moroto.mountain \
--to=dan.carpenter@linaro.org \
--cc=arnd@arndb.de \
--cc=arnd@kernel.org \
--cc=christophe.jaillet@wanadoo.fr \
--cc=elder@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=greybus-dev@lists.linaro.org \
--cc=johan@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=vireshk@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.