From: laniel_francis@privacyrequired.com
To: linux-hardening@vger.kernel.org, netdev@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org, keescook@chromium.org,
Francis Laniel <laniel_francis@privacyrequired.com>
Subject: [RESEND,net-next,PATCH v5 1/3] Fix unefficient call to memset before memcpu in nla_strlcpy.
Date: Sun, 15 Nov 2020 18:08:04 +0100 [thread overview]
Message-ID: <20201115170806.3578-2-laniel_francis@privacyrequired.com> (raw)
In-Reply-To: <20201115170806.3578-1-laniel_francis@privacyrequired.com>
From: Francis Laniel <laniel_francis@privacyrequired.com>
Before this commit, nla_strlcpy first memseted dst to 0 then wrote src into it.
This is inefficient because bytes whom number is less than src length are written
twice.
This patch solves this issue by first writing src into dst then fill dst with
0's.
Note that, in the case where src length is higher than dst, only 0 is written.
Otherwise there are as many 0's written to fill dst.
For example, if src is "foo\0" and dst is 5 bytes long, the result will be:
1. "fooGG" after memcpy (G means garbage).
2. "foo\0\0" after memset.
Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
lib/nlattr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/nlattr.c b/lib/nlattr.c
index 74019c8ebf6b..07156e581997 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -731,8 +731,9 @@ size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
if (dstsize > 0) {
size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
- memset(dst, 0, dstsize);
memcpy(dst, src, len);
+ /* Zero pad end of dst. */
+ memset(dst + len, 0, dstsize - len);
}
return srclen;
--
2.20.1
next prev parent reply other threads:[~2020-11-15 17:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-15 17:08 [RESEND,net-next,PATCH v5 0/3] Fix inefficiences and rename nla_strlcpy laniel_francis
2020-11-15 17:08 ` laniel_francis [this message]
2020-11-15 17:08 ` [RESEND,net-next,PATCH v5 2/3] Modify return value of nla_strlcpy to match that of strscpy laniel_francis
2020-11-15 17:08 ` [RESEND,net-next,PATCH v5 3/3] treewide: rename nla_strlcpy to nla_strscpy laniel_francis
2020-11-16 17:22 ` [RESEND,net-next,PATCH v5 0/3] Fix inefficiences and rename nla_strlcpy Jakub Kicinski
2020-11-16 18:17 ` Francis Laniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201115170806.3578-2-laniel_francis@privacyrequired.com \
--to=laniel_francis@privacyrequired.com \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).