Date: Wed, 3 Jan 2018 16:19:34 -0800
From: Andi Kleen
To: Hugues FRUCHET
Cc: Andi Kleen, linux-kernel@vger.kernel.org, akpm@linux-foundation.org, Andi Kleen, mchehab@s-opensource.com
Subject: Re: [PATCH] Fix read buffer overflow in delta-ipc

On Wed, Jan 03, 2018 at 09:40:04AM +0000, Hugues FRUCHET wrote:
> Hi Andi,
> Thanks for the patch but I would suggest to use strlcpy instead, this
> will guard msg.name overwriting and add the NULL termination in case
> of truncation:
> - memcpy(msg.name, name, sizeof(msg.name));
> - msg.name[sizeof(msg.name) - 1] = 0;
> + strlcpy(msg.name, name, sizeof(msg.name));

I'm not an expert on your setup, but it seems strlcpy would leak some
uninitialized stack data over your ipc mechanism. strlcpy doesn't pad the
data. If the IPC is a security boundary that would be a security bug.

So I think the original patch is better than strlcpy.

-Andi
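
Review bot: On the `+ strlcpy(msg.name, name, sizeof(msg.name));` line, the bytes of msg.name after the terminator are never written, so unless msg is zeroed before this point (not visible in the quoted lines) they keep whatever the buffer held before and go out with the message. Consider strncpy(msg.name, name, sizeof(msg.name)) followed by the existing msg.name[sizeof(msg.name) - 1] = 0, which zero-fills the remainder, or clear msg before the copy.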
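
The padding difference described in the reply above, as an added example that is not part of the original thread or of the delta-ipc driver. The struct layout, the 32-byte field size, the 0xAA fill that stands in for leftover stack contents, the sample name and all helper names are assumptions made for illustration; `copy_no_pad` is a local equivalent of strlcpy.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32
#define STALE 0xAA /* constructed stand-in for leftover stack contents */

struct ipc_msg { char name[NAME_LEN]; }; /* hypothetical message layout */

/* Local equivalent of strlcpy(): copies and terminates, never pads. */
static size_t copy_no_pad(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strncpy() zero-fills the rest of dst; terminate in case of truncation. */
static void copy_padded(char *dst, const char *src, size_t size)
{
    strncpy(dst, src, size);
    dst[size - 1] = '\0';
}

/* Pre-fill msg with stale bytes, copy the name, then count the stale bytes
 * left after the terminator: these would cross the IPC boundary. */
static size_t leak_after_copy(const char *name, int padded)
{
    struct ipc_msg msg;
    size_t i, n = 0;

    memset(&msg, STALE, sizeof(msg));
    if (padded)
        copy_padded(msg.name, name, sizeof(msg.name));
    else
        copy_no_pad(msg.name, name, sizeof(msg.name));
    for (i = strlen(msg.name) + 1; i < NAME_LEN; i++)
        n += (unsigned char)msg.name[i] == STALE;
    return n;
}

int main(void)
{
    /* "decoder0" is a constructed sample name. */
    printf("strlcpy-style: %zu stale bytes\n", leak_after_copy("decoder0", 0));
    printf("strncpy + NUL: %zu stale bytes\n", leak_after_copy("decoder0", 1));
    return 0;
}
```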