From: Hugues FRUCHET <hugues.fruchet@st.com>
To: Andi Kleen <andi@firstfloor.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
Andi Kleen <ak@linux.intel.com>,
"mchehab@s-opensource.com" <mchehab@s-opensource.com>
Subject: Re: [PATCH] Fix read buffer overflow in delta-ipc
Date: Thu, 4 Jan 2018 09:53:38 +0000 [thread overview]
Message-ID: <de6f4128-24ee-ed67-e5c6-baeb6220ae97@st.com> (raw)
In-Reply-To: <20180104001933.3jcawm7eqrfgmvr7@two.firstfloor.org>
Hi Andi,
Anyway we cannot keep strcpy, if name is not NULL terminated case,
msg.name is overflowed.
Trying to find some safe design pattern about that, I've found strscpy:
https://lwn.net/Articles/643376/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30c44659f4a3e7e1f9f47e895591b4b40bf62671
which clearly indicates error in case of overflow, so code becomes:
- memcpy(msg.name, name, sizeof(msg.name));
- msg.name[sizeof(msg.name) - 1] = 0;
+ if (strscpy(msg.name, name, sizeof(msg.name)) <= 0)
+ goto err;
What do you think of this proposal ?
Best regards,
Hugues.
On 01/04/2018 01:19 AM, Andi Kleen wrote:
> On Wed, Jan 03, 2018 at 09:40:04AM +0000, Hugues FRUCHET wrote:
>> Hi Andi,
>> Thanks for the patch but I would suggest to use strlcpy instead, this
>> will guard msg.name overwriting and add the NULL termination in case
>> of truncation:
>> - memcpy(msg.name, name, sizeof(msg.name));
>> - msg.name[sizeof(msg.name) - 1] = 0;
>> + strlcpy(msg.name, name, sizeof(msg.name));
>
> I'm not an expert on your setup, but it seems strlcpy would leak some
> uninitialized stack data over your ipc mechanism. strclpy doesn't pad the
> data. If the IPC is a security boundary that would be a security bug.
>
> So I think the original patch is better than strlcpy.
>
> -Andi
>
prev parent reply other threads:[~2018-01-04 9:54 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-22 0:12 [PATCH] Fix read buffer overflow in delta-ipc Andi Kleen
2018-01-03 9:40 ` Hugues FRUCHET
2018-01-04 0:19 ` Andi Kleen
2018-01-04 9:53 ` Hugues FRUCHET [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=de6f4128-24ee-ed67-e5c6-baeb6220ae97@st.com \
--to=hugues.fruchet@st.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@s-opensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.