From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: David Herrmann <dh.herrmann@gmail.com>,
Jiri Kosina <jkosina@suse.cz>, Sasha Levin <sashal@kernel.org>,
linux-input@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 41/68] Revert "HID: uhid: use strlcpy() instead of strncpy()"
Date: Thu, 29 Nov 2018 00:55:32 -0500 [thread overview]
Message-ID: <20181129055559.159228-41-sashal@kernel.org> (raw)
In-Reply-To: <20181129055559.159228-1-sashal@kernel.org>
From: David Herrmann <dh.herrmann@gmail.com>
[ Upstream commit 4d26d1d1e8065bb3326a7c06d5d4698e581443a9 ]
This reverts commit 336fd4f5f25157e9e8bd50e898a1bbcd99eaea46.
Please note that `strlcpy()` does *NOT* do what you think it does.
strlcpy() *ALWAYS* reads the full input string, regardless of the
'length' parameter. That is, if the input is not zero-terminated,
strlcpy() will *READ* beyond input boundaries. It does this, because it
always returns the size it *would* copy if the target was big enough,
not the truncated size it actually copied.
The original code was perfectly fine. The hid device is
zero-initialized and the strncpy() functions copied up to n-1
characters. The result is always zero-terminated this way.
This is the third time someone tried to replace strncpy with strlcpy in
this function, and gets it wrong. I now added a comment that should at
least make people reconsider.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/uhid.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c
index 051639c09f72..840634e0f1e3 100644
--- a/drivers/hid/uhid.c
+++ b/drivers/hid/uhid.c
@@ -497,12 +497,13 @@ static int uhid_dev_create2(struct uhid_device *uhid,
goto err_free;
}
- len = min(sizeof(hid->name), sizeof(ev->u.create2.name));
- strlcpy(hid->name, ev->u.create2.name, len);
- len = min(sizeof(hid->phys), sizeof(ev->u.create2.phys));
- strlcpy(hid->phys, ev->u.create2.phys, len);
- len = min(sizeof(hid->uniq), sizeof(ev->u.create2.uniq));
- strlcpy(hid->uniq, ev->u.create2.uniq, len);
+ /* @hid is zero-initialized, strncpy() is correct, strlcpy() not */
+ len = min(sizeof(hid->name), sizeof(ev->u.create2.name)) - 1;
+ strncpy(hid->name, ev->u.create2.name, len);
+ len = min(sizeof(hid->phys), sizeof(ev->u.create2.phys)) - 1;
+ strncpy(hid->phys, ev->u.create2.phys, len);
+ len = min(sizeof(hid->uniq), sizeof(ev->u.create2.uniq)) - 1;
+ strncpy(hid->uniq, ev->u.create2.uniq, len);
hid->ll_driver = &uhid_hid_driver;
hid->bus = ev->u.create2.bus;
--
2.17.1
next prev parent reply other threads:[~2018-11-29 5:59 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-29 5:54 [PATCH AUTOSEL 4.19 01/68] media: vicodec: lower minimum height to 360 Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 02/68] media: cec: check for non-OK/NACK conditions while claiming a LA Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 03/68] media: omap3isp: Unregister media device as first Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 04/68] media: ipu3-cio2: Unregister device nodes first, then release resources Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 05/68] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 06/68] brcmutil: really fix decoding channel info for 160 MHz bandwidth Sasha Levin
2018-11-29 11:49 ` Kalle Valo
2018-11-29 16:54 ` Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 07/68] mt76: fix building without CONFIG_LEDS_CLASS Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 08/68] iommu/ipmmu-vmsa: Fix crash on early domain free Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 09/68] scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 10/68] can: ucan: remove set but not used variable 'udev' Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 11/68] can: rcar_can: Fix erroneous registration Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 12/68] test_firmware: fix error return getting clobbered Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 13/68] HID: input: Ignore battery reported by Symbol DS4308 Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 14/68] batman-adv: Use explicit tvlv padding for ELP packets Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 15/68] batman-adv: Expand merged fragment buffer for full packet Sasha Levin
2018-11-29 10:00 ` Sergei Shtylyov
2018-11-29 10:04 ` Sergei Shtylyov
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 16/68] amd/iommu: Fix Guest Virtual APIC Log Tail Address Register Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 17/68] bnx2x: Assign unique DMAE channel number for FW DMAE transactions Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 18/68] qed: Fix PTT leak in qed_drain() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 19/68] qed: Fix overriding offload_tc by protocols without APP TLV Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 20/68] qed: Fix rdma_info structure allocation Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 21/68] qed: Fix reading wrong value in loop condition Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 22/68] usb: dwc2: pci: Fix an error code in probe Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 23/68] Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers" Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 24/68] s390/ism: clear dmbe_mask bit before SMC IRQ handling Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 25/68] nvme-fc: resolve io failures during connect Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 26/68] bnxt_en: Fix filling time in bnxt_fill_coredump_record() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 27/68] drm/amdgpu: Add amdgpu "max bpc" connector property (v2) Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 28/68] drm/amd/display: Support " Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 29/68] net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 30/68] net/mlx4_core: Fix uninitialized variable compilation warning Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 31/68] net/mlx4: Fix UBSAN warning of signed integer overflow Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 32/68] drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 33/68] gpio: pxa: fix legacy non pinctrl aware builds again Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 34/68] gpio: mockup: fix indicated direction Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 35/68] tc-testing: tdc.py: ignore errors when decoding stdout/stderr Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 36/68] tc-testing: tdc.py: Guard against lack of returncode in executed command Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 37/68] mtd: rawnand: qcom: Namespace prefix some commands Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 38/68] cpufreq: ti-cpufreq: Only register platform_device when supported Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 39/68] exec: make de_thread() freezable Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 40/68] ALSA: hda/ca0132 - Add new ZxR quirk Sasha Levin
2018-11-29 14:51 ` Connor McAdams
2018-12-05 16:00 ` Sasha Levin
2018-11-29 5:55 ` Sasha Levin [this message]
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 42/68] HID: steam: remove input device when a hid client is running Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 43/68] HID: multitouch: Add pointstick support for Cirque Touchpad Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 44/68] mtd: spi-nor: Fix Cadence QSPI page fault kernel panic Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 45/68] net: ena: fix crash during failed resume from hibernation Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 46/68] NFSv4: Fix a NFSv4 state manager deadlock Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 47/68] qed: Fix bitmap_weight() check Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 48/68] qed: Fix QM getters to always return a valid pq Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 49/68] net/ibmnvic: Fix deadlock problem in reset Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 50/68] riscv: fix warning in arch/riscv/include/asm/module.h Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 51/68] iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 52/68] iomap: sub-block dio needs to zeroout beyond EOF Sasha Levin
2018-11-29 12:19 ` Dave Chinner
2018-11-29 12:36 ` Amir Goldstein
2018-11-29 22:43 ` Dave Chinner
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 53/68] iomap: dio data corruption and spurious errors when pipes fill Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 54/68] iomap: readpages doesn't zero page tail beyond EOF Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 55/68] net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 56/68] iommu/vt-d: Use memunmap to free memremap Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 57/68] NFSv4.2 copy do not allocate memory under the lock Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 58/68] flexfiles: use per-mirror specified stateid for IO Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 59/68] net/dim: Update DIM start sample after each DIM iteration Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 60/68] net: thunderx: set xdp_prog to NULL if bpf_prog_add fails Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 61/68] ibmvnic: Fix RX queue buffer cleanup Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 62/68] ibmvnic: Update driver queues after change in ring size support Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 63/68] virtio-net: disable guest csum during XDP set Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 64/68] virtio-net: fail XDP set if guest csum is negotiated Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 65/68] team: no need to do team_notify_peers or team_mcast_rejoin when disabling port Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 66/68] net: amd: add missing of_node_put() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 67/68] net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 68/68] net: gemini: Fix copy/paste error Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181129055559.159228-41-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=dh.herrmann@gmail.com \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).