linux-kernel.vger.kernel.org archive mirror
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	torvalds@osdl.org
Subject: SECURITY - data leakage due to incorrect strncpy implementation
Date: 11 Jul 2003 22:45:37 +0100
Message-ID: <1057959932.20637.51.camel@dhcp22.swansea.linux.org.uk>
In-Reply-To: <Pine.LNX.4.44.0307112100240.843-100000@artax.karlin.mff.cuni.cz>

On Gwe, 2003-07-11 at 20:04, Mikulas Patocka wrote:
> What's the difference there? strlcpy always creates null-terminated
> string, strncpy doesn't. strncpy in kernel (unlike user strncpy) does not
> pad the whole destination buffer with zeros (see comment and
> implementation in lib/string.c), so I don't see any point why strncpy
> should be more secure.

Lots of kernel drivers rely on the libc definition of strncpy. 

Let's update the bug report to "2.4 and 2.5 both leak arbitrary kernel data
to user space" tho thankfully in small pieces. Fix required. (bcc'd to Mark to
assign a CAN number)

And for 2.4-ac I'm going to simply go make strncpy do what it says in the
book. For 2.5 the same is true and cleaner (since those who use strlcpy
properly don't take any performance hit). Actually it may make sense to 
backport strlcpy for those odd performance critical ones.

I don't think it's that serious a bug - the odds of getting a critical bit of
someone else's data are remarkably low but it wants fixing.

Alan
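
The leak discussed in this message, as an added user-space example that is not part of the original email or the kernel source: a non-padding strncpy leaves earlier buffer contents behind the terminator, while the libc definition zero-fills them. The names `struct dev_info`, `strncpy_nopad`, `strncpy_libc` and the 0xAA marker are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16
#define STALE 0xAA /* constructed marker standing in for old kernel memory */

/* Hypothetical driver reply that would be copied to user space as a whole. */
struct dev_info { char name[NAME_LEN]; };

typedef char *(*copy_fn)(char *, const char *, size_t);

/* Stops after the terminator and leaves the rest of dest untouched: the
 * non-padding behaviour the quoted text describes for the kernel strncpy. */
static char *strncpy_nopad(char *dest, const char *src, size_t count)
{
    char *tmp = dest;
    while (count--) {
        if ((*tmp++ = *src++) == '\0')
            break;
    }
    return dest;
}

/* libc definition: the remainder of dest is filled with zero bytes. */
static char *strncpy_libc(char *dest, const char *src, size_t count)
{
    return strncpy(dest, src, count);
}

/* Number of stale bytes still inside the struct after copying `name`. */
static size_t stale_bytes_after_copy(copy_fn copy, const char *name)
{
    struct dev_info info;
    size_t i, stale = 0;

    memset(&info, STALE, sizeof(info)); /* simulate uninitialised contents */
    copy(info.name, name, sizeof(info.name));
    for (i = 0; i < sizeof(info.name); i++)
        if ((unsigned char)info.name[i] == STALE)
            stale++;
    return stale;
}

int main(void)
{
    printf("no-pad strncpy: %zu stale bytes\n", stale_bytes_after_copy(strncpy_nopad, "eth0"));
    printf("libc strncpy:   %zu stale bytes\n", stale_bytes_after_copy(strncpy_libc, "eth0"));
    return 0;
}
```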

