From: Michael Ellerman <mpe@ellerman.id.au>
To: rostedt@goodmis.org
Cc: linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com, jannh@google.com,
keescook@chromium.org
Subject: Re: [PATCH v2 1/2] seq_buf: Make seq_buf_puts() null-terminate the buffer
Date: Wed, 12 Dec 2018 22:21:46 +1100 [thread overview]
Message-ID: <87imzzvvlh.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <20181019042109.8064-1-mpe@ellerman.id.au>
Hi Steve,
Friendly ping :)
Do you mind picking this one up for 4.21 ?
cheers
Michael Ellerman <mpe@ellerman.id.au> writes:
> Currently seq_buf_puts() will happily create a non null-terminated
> string for you in the buffer. This is particularly dangerous if the
> buffer is on the stack.
>
> For example:
>
> char buf[8];
> char secret = "secret";
> struct seq_buf s;
>
> seq_buf_init(&s, buf, sizeof(buf));
> seq_buf_puts(&s, "foo");
> printk("Message is %s\n", buf);
>
> Can result in:
>
> Message is fooªªªªªsecret
>
> We could require all users to memset() their buffer to zero before
> use. But that seems likely to be forgotten and lead to bugs.
>
> Instead we can change seq_buf_puts() to always leave the buffer in a
> null-terminated state.
>
> The only downside is that this makes the buffer 1 character smaller
> for seq_buf_puts(), but that seems like a good trade off.
>
> Acked-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
> ---
> lib/seq_buf.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> v2: Fix NULL/null terminology.
>
> diff --git a/lib/seq_buf.c b/lib/seq_buf.c
> index 11f2ae0f9099..6aabb609dd87 100644
> --- a/lib/seq_buf.c
> +++ b/lib/seq_buf.c
> @@ -144,9 +144,13 @@ int seq_buf_puts(struct seq_buf *s, const char *str)
>
> WARN_ON(s->size == 0);
>
> + /* Add 1 to len for the trailing null byte which must be there */
> + len += 1;
> +
> if (seq_buf_can_fit(s, len)) {
> memcpy(s->buffer + s->len, str, len);
> - s->len += len;
> + /* Don't count the trailing null byte against the capacity */
> + s->len += len - 1;
> return 0;
> }
> seq_buf_set_overflow(s);
> --
> 2.17.2
next prev parent reply other threads:[~2018-12-12 11:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-19 4:21 [PATCH v2 1/2] seq_buf: Make seq_buf_puts() null-terminate the buffer Michael Ellerman
2018-10-19 4:21 ` [PATCH v2 2/2] seq_buf: Use size_t for len in seq_buf_puts() Michael Ellerman
2018-12-12 11:21 ` Michael Ellerman [this message]
2018-12-12 13:45 ` [PATCH v2 1/2] seq_buf: Make seq_buf_puts() null-terminate the buffer Steven Rostedt
2018-12-12 13:50 ` Steven Rostedt
2018-12-18 3:58 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87imzzvvlh.fsf@concordia.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).