From patchwork Mon Feb 22 15:12:12 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098833
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Tejun Heo, Zefan Li, Johannes Weiner
Cc: Romain Perier, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:12 +0100
Message-Id: <20210222151231.22572-2-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
Signed-off-by: Michal Koutný
--- kernel/cgroup/cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 1ea995f801ec..bac0dc2ff8ad 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c
@@ -2265,7 +2265,7 @@ int task_cgroup_path(struct task_struct *task, char *buf, size_t buflen) ret = cgroup_path_ns_locked(cgrp, buf, buflen, &init_cgroup_ns); } else { /* if no hierarchy exists, everyone is in "/" */ - ret = strlcpy(buf, "/", buflen); + ret = strscpy(buf, "/", buflen); } spin_unlock_irq(&css_set_lock);

From patchwork Mon Feb 22 15:12:13 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098835
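
Review bot: in task_cgroup_path() (kernel/cgroup/cgroup.c, patch 01/20), the else branch now hands back whatever strscpy() returns, but nothing in the hunk handles -E2BIG, although the commit message says the return-value handling was updated. With strlcpy() this branch always produced 1, the length of "/", even when buflen was too small; with strscpy() it produces 1 on success and -E2BIG when "/" plus its terminator does not fit. Please confirm that the callers of task_cgroup_path() and the sibling branch "ret = cgroup_path_ns_locked(cgrp, buf, buflen, &init_cgroup_ns);" use the same convention for reporting truncation, and say so in the changelog; if callers compare the result against buflen, a negative value needs an explicit check.
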
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Herbert Xu, "David S. Miller"
Cc: Romain Perier, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 02/20] crypto: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:13 +0100
Message-Id: <20210222151231.22572-3-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- crypto/lrw.c | 6 +++--- crypto/xts.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/lrw.c b/crypto/lrw.c index bcf09fbc750a..4d35f4439012 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -357,10 +357,10 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb) * cipher name. */ if (!strncmp(cipher_name, "ecb(", 4)) { - unsigned len; + ssize_t len; - len = strlcpy(ecb_name, cipher_name + 4, sizeof(ecb_name)); - if (len < 2 || len >= sizeof(ecb_name)) + len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name)); + if (len == -E2BIG || len < 2) goto err_free_inst; if (ecb_name[len - 1] != ')') diff --git a/crypto/xts.c b/crypto/xts.c index 6c12f30dbdd6..1dfe39d61418 100644 --- a/crypto/xts.c +++ b/crypto/xts.c
@@ -396,10 +396,10 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb) * cipher name. */ if (!strncmp(cipher_name, "ecb(", 4)) { - unsigned len; + ssize_t len; - len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name)); - if (len < 2 || len >= sizeof(ctx->name)) + len = strscpy(ctx->name, cipher_name + 4, sizeof(ctx->name)); + if (len == -E2BIG || len < 2) goto err_free_inst; if (ctx->name[len - 1] != ')')

From patchwork Mon Feb 22 15:12:14 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098837
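
Review bot: in lrw_create() and xts_create() (patch 02/20), the first half of "len == -E2BIG || len < 2" is redundant: len is now ssize_t, so a negative -E2BIG already satisfies "len < 2". "if (len < 2)" alone rejects both the truncated and the too-short name, and it is what keeps ecb_name[len - 1] and ctx->name[len - 1] from being indexed with a negative value. If the explicit form is kept for readability, add a short comment that strscpy() signals truncation with a negative return, because the switch from unsigned to ssize_t is what makes the guard work.
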
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Jiri Pirko
Cc: Romain Perier, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 03/20] devlink: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:14 +0100
Message-Id: <20210222151231.22572-4-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- net/core/devlink.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/core/devlink.c b/net/core/devlink.c index 737b61c2976e..7eb445460c92 100644 --- a/net/core/devlink.c +++ b/net/core/devlink.c
@@ -9461,10 +9461,10 @@ EXPORT_SYMBOL_GPL(devlink_port_param_value_changed); void devlink_param_value_str_fill(union devlink_param_value *dst_val, const char *src) { - size_t len; + ssize_t len; - len = strlcpy(dst_val->vstr, src, __DEVLINK_PARAM_MAX_STRING_VALUE); - WARN_ON(len >= __DEVLINK_PARAM_MAX_STRING_VALUE); + len = strscpy(dst_val->vstr, src, __DEVLINK_PARAM_MAX_STRING_VALUE); + WARN_ON(len == -E2BIG); } EXPORT_SYMBOL_GPL(devlink_param_value_str_fill);

From patchwork Mon Feb 22 15:12:15 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098839
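
Review bot: in devlink_param_value_str_fill() (patch 03/20), the function still returns void, so on truncation dst_val->vstr holds a shortened value and the caller learns of it only through WARN_ON(). That matches the old strlcpy() behaviour at this site, but the shared commit text does not say so; a line in the changelog stating that this conversion is behaviour-preserving would make it reviewable on its own. The local len now exists only to feed the warning, which is fine, but it is worth a glance at whether a param value that was silently cut short should be rejected by the caller instead.
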
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Sumit Semwal, Christian König
Cc: Romain Perier, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org
Subject: [PATCH 04/20] dma-buf: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:15 +0100
Message-Id: <20210222151231.22572-5-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- drivers/dma-buf/dma-buf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index f264b70c383e..515192f2f404 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c
@@ -42,12 +42,12 @@ static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) { struct dma_buf *dmabuf; char name[DMA_BUF_NAME_LEN]; - size_t ret = 0; + ssize_t ret = 0; dmabuf = dentry->d_fsdata; spin_lock(&dmabuf->name_lock); if (dmabuf->name) - ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); + ret = strscpy(name, dmabuf->name, DMA_BUF_NAME_LEN); spin_unlock(&dmabuf->name_lock); return dynamic_dname(dentry, buffer, buflen, "/%s:%s",

From patchwork Mon Feb 22 15:12:16 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098841
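
Review bot: in dmabuffs_dname() (patch 04/20), ret can now be -E2BIG but the hunk adds no handling for it, and the arguments that consume ret after spin_unlock() are cut off in the context shown. With strlcpy() a source longer than DMA_BUF_NAME_LEN still gave a positive ret; with strscpy() the same case gives a negative one while name holds the truncated, terminated copy. If the code below treats ret as "a name was copied" by testing for a positive value, a truncated name will now be handled like a missing one, so please extend the diff context to show that use or state in the changelog which behaviour is intended.
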
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman
Cc: Romain Perier, "Rafael J. Wysocki", linux-kernel@vger.kernel.org
Subject: [PATCH 05/20] kobject: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:16 +0100
Message-Id: <20210222151231.22572-6-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- lib/kobject_uevent.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index 7998affa45d4..9dca89b76a22 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c
@@ -251,11 +251,11 @@ static int kobj_usermode_filter(struct kobject *kobj) static int init_uevent_argv(struct kobj_uevent_env *env, const char *subsystem) { - int len; + ssize_t len; - len = strlcpy(&env->buf[env->buflen], subsystem, + len = strscpy(&env->buf[env->buflen], subsystem, sizeof(env->buf) - env->buflen); - if (len >= (sizeof(env->buf) - env->buflen)) { + if (len == -E2BIG) { WARN(1, KERN_ERR "init_uevent_argv: buffer size too small\n"); return -ENOMEM; }

From patchwork Mon Feb 22 15:12:17 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098843
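
Review bot: in init_uevent_argv() (patch 05/20), prefer "if (len < 0)" over "if (len == -E2BIG)", so the error path does not depend on strscpy() having exactly one failure value and any negative len is kept away from the code that follows. The move from int to ssize_t also drops the old signed-against-unsigned comparison "len >= (sizeof(env->buf) - env->buflen)"; that, and the fact that this site keeps its WARN() and its -ENOMEM return unchanged, deserves a sentence in the changelog, since the shared commit text describes none of it.
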
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Mimi Zohar, Dmitry Kasatkin
Cc: Romain Perier, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 06/20] ima: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:17 +0100
Message-Id: <20210222151231.22572-7-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
Acked-by: Mimi Zohar
--- security/integrity/ima/ima_policy.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 9b45d064a87d..1a905b8b064f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c
@@ -790,8 +790,14 @@ static int __init ima_init_arch_policy(void) for (rules = arch_rules, i = 0; *rules != NULL; rules++) { char rule[255]; int result; + ssize_t len; - result = strlcpy(rule, *rules, sizeof(rule)); + len = strscpy(rule, *rules, sizeof(rule)); + if (len == -E2BIG) { + pr_warn("Internal copy of architecture policy rule '%s' " + "failed. Skipping.\n", *rules); + continue; + } INIT_LIST_HEAD(&arch_policy_entry[i].list); result = ima_parse_rule(rule, &arch_policy_entry[i]);

From patchwork Mon Feb 22 15:12:18 2021
X-Patchwork-Submitter: Romain Perier
X-Patchwork-Id: 12098845
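
Review bot: in ima_init_arch_policy() (patch 06/20), the new "continue" drops an architecture policy rule that does not fit in rule[255] and reports it only through pr_warn(), so the policy can come up with fewer rules than the architecture asked for. Before this change the truncated copy was still handed to ima_parse_rule(). For an integrity policy it is worth deciding explicitly whether an oversized rule should be skipped or should fail initialisation, and recording that decision in the changelog, which currently says nothing about this site. As a style point, the pr_warn() format string is split into two literals across source lines; kernel style keeps user-visible strings on one line so they can be found with grep.
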
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, "J. Bruce Fields", Chuck Lever
Cc: Romain Perier, linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 07/20] SUNRPC: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:18 +0100
Message-Id: <20210222151231.22572-8-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0

The strlcpy() reads the entire source buffer first; it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- net/sunrpc/clnt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index 612f0a641f4c..3c5c4ad8a808 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -282,7 +282,7 @@ static struct rpc_xprt *rpc_clnt_set_transport(struct rpc_clnt *clnt, static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename) { - clnt->cl_nodelen = strlcpy(clnt->cl_nodename, + clnt->cl_nodelen = strscpy(clnt->cl_nodename, nodename, sizeof(clnt->cl_nodename)); }
@@ -422,6 +422,10 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, nodename = utsname()->nodename; /* save the nodename */ rpc_clnt_set_nodename(clnt, nodename); + if (clnt->cl_nodelen == -E2BIG) { + err = -ENOMEM; + goto out_no_path; + } err = rpc_client_register(clnt, args->authflavor, args->client_name); if (err)
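Review bot: rpc_clnt_set_nodename() now stores strscpy()'s return value straight into clnt->cl_nodelen, so on truncation a length field holds -E2BIG until rpc_new_client() tests for it. The declaration of cl_nodelen is not in these hunks, and the == -E2BIG comparison only works if it is a signed type. It would be cleaner for rpc_clnt_set_nodename() to return the error and leave cl_nodelen holding a valid length. In rpc_new_client(), err = -ENOMEM reports an over-long nodename as an allocation failure; a different errno would describe it better. The commit message should also mention that a long nodename used to be truncated and now makes client creation fail.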
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman, Tejun Heo
Cc: Romain Perier, linux-kernel@vger.kernel.org
Subject: [PATCH 08/20] kernfs: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:19 +0100
Message-Id: <20210222151231.22572-9-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0

The strlcpy() reads the entire source buffer first; it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- fs/kernfs/dir.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c index 7a53eed69fef..9e65b595d880 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c @@ -42,9 +42,9 @@ static bool kernfs_lockdep(struct kernfs_node *kn) static int kernfs_name_locked(struct kernfs_node *kn, char *buf, size_t buflen) { if (!kn) - return strlcpy(buf, "(null)", buflen); + return strscpy(buf, "(null)", buflen); - return strlcpy(buf, kn->parent ? kn->name : "/", buflen); + return strscpy(buf, kn->parent ? kn->name : "/", buflen); } /* kernfs_node_depth - compute depth from @from to @to */
@@ -125,17 +125,18 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to, { struct kernfs_node *kn, *common; const char parent_str[] = "/.."; - size_t depth_from, depth_to, len = 0; + size_t depth_from, depth_to; + ssize_t len = 0; int i, j; if (!kn_to) - return strlcpy(buf, "(null)", buflen); + return strscpy(buf, "(null)", buflen); if (!kn_from) kn_from = kernfs_root(kn_to)->kn; if (kn_from == kn_to) - return strlcpy(buf, "/", buflen); + return strscpy(buf, "/", buflen); if (!buf) return -EINVAL; @@ -150,16 +151,16 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to, buf[0] = '\0'; for (i = 0; i < depth_from; i++) - len += strlcpy(buf + len, parent_str, + len += strscpy(buf + len, parent_str, len < buflen ? buflen - len : 0); /* Calculate how many bytes we need for the rest */ for (i = depth_to - 1; i >= 0; i--) { for (kn = kn_to, j = 0; j < i; j++) kn = kn->parent; - len += strlcpy(buf + len, "/", + len += strscpy(buf + len, "/", len < buflen ? buflen - len : 0); - len += strlcpy(buf + len, kn->name, + len += strscpy(buf + len, kn->name, len < buflen ? buflen - len : 0); } @@ -173,8 +174,8 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to, * @buflen: size of @buf * * Copies the name of @kn into @buf of @buflen bytes. The behavior is - * similar to strlcpy(). It returns the length of @kn's name and if @buf - * isn't long enough, it's filled upto @buflen-1 and nul terminated. + * similar to strscpy(). It returns the length of @kn's name and if @buf + * isn't long enough or @buflen is 0, it returns -E2BIG. * * Fills buffer with "(null)" if @kn is NULL. * @@ -858,7 +859,7 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent, const unsigned char *path, const void *ns) { - size_t len; + ssize_t len; char *p, *name; lockdep_assert_held(&kernfs_mutex); 
@@ -866,9 +867,9 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent, /* grab kernfs_rename_lock to piggy back on kernfs_pr_cont_buf */ spin_lock_irq(&kernfs_rename_lock); - len = strlcpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf)); + len = strscpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf)); - if (len >= sizeof(kernfs_pr_cont_buf)) { + if (len == -E2BIG) { spin_unlock_irq(&kernfs_rename_lock); return NULL; }
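Review bot: In kernfs_path_from_node_locked(), the loops still accumulate with len += strscpy(buf + len, ..., len < buflen ? buflen - len : 0), an idiom that depended on strlcpy() returning the full source length. strscpy() returns -E2BIG on truncation and also when the size argument is 0, so the running total is reduced by E2BIG instead of growing. A later copy can then start at a lower offset and overwrite what was already written, and the function no longer returns the length that was needed. With len now ssize_t, len < buflen also compares a signed value against a size_t. Each return value needs to be checked and the function should bail out on the first negative one; the kernel-doc for the path helpers needs the same update that the name helper's comment received.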
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Geert Uytterhoeven
Cc: Romain Perier, linux-m68k@lists.linux-m68k.org, linux-kernel@vger.kernel.org
Subject: [PATCH 09/20] m68k/atari: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:20 +0100
Message-Id: <20210222151231.22572-10-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0

The strlcpy() reads the entire source buffer first; it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- arch/m68k/emu/natfeat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/m68k/emu/natfeat.c b/arch/m68k/emu/natfeat.c index 71b78ecee75c..fbb3454d3c6a 100644 --- a/arch/m68k/emu/natfeat.c +++ b/arch/m68k/emu/natfeat.c
@@ -41,10 +41,10 @@ long nf_get_id(const char *feature_name) { /* feature_name may be in vmalloc()ed memory, so make a copy */ char name_copy[32]; - size_t n; + ssize_t n; - n = strlcpy(name_copy, feature_name, sizeof(name_copy)); - if (n >= sizeof(name_copy)) + n = strscpy(name_copy, feature_name, sizeof(name_copy)); + if (n == -E2BIG) return 0; return nf_get_id_phys(virt_to_phys(name_copy));
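The return-value difference that the commit message shared by these patches refers to, as an added userspace example that is not part of the series or of the kernel source. `model_strlcpy()`, `model_strscpy()`, the three `join_*` helpers and the sample path components are constructed here; the models leave out the kernel's word-at-a-time copy and its `count > INT_MAX` check.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model of strlcpy(): always returns strlen(src), so it walks the
 * whole source string even when only a few bytes (or none) fit in dst. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size) {
        size_t n = srclen >= size ? size - 1 : srclen;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Userspace model of strscpy(): reads at most size bytes of src and returns
 * the number of characters copied, or -E2BIG on truncation or size == 0. */
static ssize_t model_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* strlcpy idiom: the running total is the length the caller would need,
 * so truncation is detected afterwards with "total >= buflen". */
static size_t join_strlcpy(char *buf, size_t buflen,
                           const char *const *parts, size_t nparts)
{
    size_t len = 0, i;

    for (i = 0; i < nparts; i++) {
        size_t room = len < buflen ? buflen - len : 0;
        len += model_strlcpy(room ? buf + len : buf, parts[i], room);
    }
    return len;
}

/* The same loop with only the copy function swapped: -E2BIG is added to the
 * running total, so the write offset moves backwards and the error is lost. */
static ssize_t join_swapped(char *buf, size_t buflen,
                            const char *const *parts, size_t nparts)
{
    ssize_t len = 0;
    size_t i;

    for (i = 0; i < nparts; i++) {
        size_t room = (size_t)len < buflen ? buflen - (size_t)len : 0;
        len += model_strscpy(room ? buf + len : buf, parts[i], room);
    }
    return len;
}

/* strscpy idiom: test every return value and stop at the first error. */
static ssize_t join_strscpy(char *buf, size_t buflen,
                            const char *const *parts, size_t nparts)
{
    size_t len = 0, i;

    for (i = 0; i < nparts; i++) {
        ssize_t ret = model_strscpy(buf + len, parts[i], buflen - len);
        if (ret < 0)
            return ret;
        len += (size_t)ret;
    }
    return (ssize_t)len;
}

/* Constructed sample: three path components, 14 characters in total,
 * joined into an 8-byte buffer. */
static const char *const sample_parts[] = { "/kernel", "/mm", "/ksm" };
static char demo_buf[8];

int main(void)
{
    size_t need = join_strlcpy(demo_buf, sizeof(demo_buf), sample_parts, 3);

    printf("strlcpy idiom: needs %zu characters, buf \"%s\"\n", need, demo_buf);
    printf("swapped loop:  returns %zd", join_swapped(demo_buf, sizeof(demo_buf), sample_parts, 3));
    printf(", buf \"%s\"\n", demo_buf);
    printf("strscpy idiom: returns %zd\n", join_strscpy(demo_buf, sizeof(demo_buf), sample_parts, 3));
    return 0;
}
```

With this input the swapped loop returns a small positive length and leaves only the last component in the buffer, so its caller cannot tell that anything was truncated.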
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Jessica Yu
Cc: Romain Perier, linux-kernel@vger.kernel.org
Subject: [PATCH 10/20] module: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:21 +0100
Message-Id: <20210222151231.22572-11-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0

The strlcpy() reads the entire source buffer first; it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- kernel/module.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index 4bf30e4b3eaa..46aad8e92a81 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2814,6 +2814,7 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) Elf_Sym *dst; char *s; Elf_Shdr *symsec = &info->sechdrs[info->index.sym]; + ssize_t len; /* Set up to point into init section. */ mod->kallsyms = mod->init_layout.base + info->mod_kallsyms_init_off;
@@ -2841,8 +2842,9 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) mod->kallsyms->typetab[i]; dst[ndst] = src[i]; dst[ndst++].st_name = s - mod->core_kallsyms.strtab; - s += strlcpy(s, &mod->kallsyms->strtab[src[i].st_name], + len = strscpy(s, &mod->kallsyms->strtab[src[i].st_name], KSYM_NAME_LEN) + 1; + s += (len != -E2BIG) ? len : 0; } } mod->core_kallsyms.num_symtab = ndst;
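Review bot: In add_kallsyms(), the + 1 is applied to strscpy()'s return value before the error test, so on truncation len is -E2BIG + 1 and the condition len != -E2BIG is true; s += len then moves s backwards in the string table. Test the return value first and add 1 only on success. The truncation case also needs a decision of its own: dst[ndst++].st_name has already been set to the current offset, so leaving s where it is lets the next symbol name overwrite the truncated one.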
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Guenter Roeck
Cc: Romain Perier, linux-hwmon@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 11/20] hwmon: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:22 +0100
Message-Id: <20210222151231.22572-12-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0

The strlcpy() reads the entire source buffer first; it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- drivers/hwmon/pmbus/max20730.c | 66 +++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/drivers/hwmon/pmbus/max20730.c b/drivers/hwmon/pmbus/max20730.c index 9dd3dd79bc18..a384b57b7327 100644 --- a/drivers/hwmon/pmbus/max20730.c +++ b/drivers/hwmon/pmbus/max20730.c @@ -107,7 +107,8 @@ struct max20730_debugfs_data { static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { - int ret, len; + int ret; + ssize_t len; int *idxp = file->private_data; int idx = *idxp; struct max20730_debugfs_data *psu = to_psu(idxp, idx);
@@ -148,13 +149,13 @@ static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, >> MAX20730_MFR_DEVSET1_TSTAT_BIT_POS; if (val == 0) - len = strlcpy(tbuf, "2000\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "2000\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "125\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "125\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "62.5\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "62.5\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "32\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "32\n", DEBUG_FS_DATA_MAX); break; case MAX20730_DEBUGFS_INTERNAL_GAIN: val = (data->mfr_devset1 & MAX20730_MFR_DEVSET1_RGAIN_MASK) 
@@ -163,35 +164,35 @@ static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, if (data->id == max20734) { /* AN6209 */ if (val == 0) - len = strlcpy(tbuf, "0.8\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.8\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "3.2\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "3.2\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "1.6\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1.6\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "6.4\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "6.4\n", DEBUG_FS_DATA_MAX); } else if (data->id == max20730 || data->id == max20710) { /* AN6042 or AN6140 */ if (val == 0) - len = strlcpy(tbuf, "0.9\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.9\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "3.6\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "3.6\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "1.8\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1.8\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "7.2\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "7.2\n", DEBUG_FS_DATA_MAX); } else if (data->id == max20743) { /* AN6042 */ if (val == 0) - len = strlcpy(tbuf, "0.45\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.45\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "1.8\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1.8\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "0.9\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.9\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "3.6\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "3.6\n", DEBUG_FS_DATA_MAX); } else { - len = strlcpy(tbuf, "Not supported\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "Not supported\n", DEBUG_FS_DATA_MAX); } break; case MAX20730_DEBUGFS_BOOT_VOLTAGE: 
@@ -199,26 +200,26 @@ static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, >> MAX20730_MFR_DEVSET1_VBOOT_BIT_POS; if (val == 0) - len = strlcpy(tbuf, "0.6484\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.6484\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "0.8984\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.8984\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "1.0\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1.0\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); break; case MAX20730_DEBUGFS_OUT_V_RAMP_RATE: val = (data->mfr_devset2 & MAX20730_MFR_DEVSET2_VRATE) >> MAX20730_MFR_DEVSET2_VRATE_BIT_POS; if (val == 0) - len = strlcpy(tbuf, "4\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "4\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "2\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "2\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "1\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); break; case MAX20730_DEBUGFS_OC_PROTECT_MODE: ret = (data->mfr_devset2 & MAX20730_MFR_DEVSET2_OCPM_MASK) 
@@ -230,13 +231,13 @@ static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, >> MAX20730_MFR_DEVSET2_SS_BIT_POS; if (val == 0) - len = strlcpy(tbuf, "0.75\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "0.75\n", DEBUG_FS_DATA_MAX); else if (val == 1) - len = strlcpy(tbuf, "1.5\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "1.5\n", DEBUG_FS_DATA_MAX); else if (val == 2) - len = strlcpy(tbuf, "3\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "3\n", DEBUG_FS_DATA_MAX); else - len = strlcpy(tbuf, "6\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "6\n", DEBUG_FS_DATA_MAX); break; case MAX20730_DEBUGFS_IMAX: ret = (data->mfr_devset2 & MAX20730_MFR_DEVSET2_IMAX_MASK) 
@@ -287,9 +288,12 @@ static ssize_t max20730_debugfs_read(struct file *file, char __user *buf, "%d.%d\n", ret / 10000, ret % 10000); break; default: - len = strlcpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); + len = strscpy(tbuf, "Invalid\n", DEBUG_FS_DATA_MAX); } + if (len == -E2BIG) + return -E2BIG; + return simple_read_from_buffer(buf, count, ppos, tbuf, len); }
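Review bot: The final check in max20730_debugfs_read() catches only -E2BIG, yet len goes on to be the last argument of simple_read_from_buffer(), which is a size; use if (len < 0) return len; so that no negative value can reach it. Every strscpy() source in these hunks is a short string literal, so the commit message could say that this branch is defensive rather than a fix for a reachable truncation.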
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Heiko Carstens, Vasily Gorbik, Christian Borntraeger
Cc: Romain Perier, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 12/20] s390/hmcdrv: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:23 +0100
Message-Id: <20210222151231.22572-13-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- drivers/s390/char/diag_ftp.c | 4 ++-- drivers/s390/char/sclp_ftp.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/s390/char/diag_ftp.c b/drivers/s390/char/diag_ftp.c index 6bf1058de873..c198dfcc85be 100644 --- a/drivers/s390/char/diag_ftp.c +++ b/drivers/s390/char/diag_ftp.c @@ -158,8 +158,8 @@ ssize_t diag_ftp_cmd(const struct hmcdrv_ftp_cmdspec *ftp, size_t *fsize) goto out; } - len = strlcpy(ldfpl->fident, ftp->fname, sizeof(ldfpl->fident)); - if (len >= HMCDRV_FTP_FIDENT_MAX) { + len = strscpy(ldfpl->fident, ftp->fname, sizeof(ldfpl->fident)); + if (len == -E2BIG) { len = -EINVAL; goto out_free; } diff --git a/drivers/s390/char/sclp_ftp.c b/drivers/s390/char/sclp_ftp.c index dfdd6c8fd17e..525156926592 100644 --- a/drivers/s390/char/sclp_ftp.c +++ b/drivers/s390/char/sclp_ftp.c
@@ -87,7 +87,7 @@ static int sclp_ftp_et7(const struct hmcdrv_ftp_cmdspec *ftp) struct completion completion; struct sclp_diag_sccb *sccb; struct sclp_req *req; - size_t len; + ssize_t len; int rc; req = kzalloc(sizeof(*req), GFP_KERNEL); 
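Review bot: `len` in sclp_ftp_et7() is widened to `ssize_t` only so that the following hunk can compare it with -E2BIG; if the variable has no other use in the function, drop the local and test the strscpy() return directly with `< 0`, which keeps `rc` as the single signed status variable and does not depend on one specific errno value.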
@@ -114,9 +114,9 @@ static int sclp_ftp_et7(const struct hmcdrv_ftp_cmdspec *ftp) sccb->evbuf.mdd.ftp.length = ftp->len; sccb->evbuf.mdd.ftp.bufaddr = virt_to_phys(ftp->buf); - len = strlcpy(sccb->evbuf.mdd.ftp.fident, ftp->fname, + len = strscpy(sccb->evbuf.mdd.ftp.fident, ftp->fname, HMCDRV_FTP_FIDENT_MAX); - if (len >= HMCDRV_FTP_FIDENT_MAX) { + if (len == -E2BIG) { rc = -EINVAL; goto out_free; }
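Review bot: In the diag_ftp.c hunk (`@@ -158,8`) the copy is bounded by `sizeof(ldfpl->fident)` while the removed check compared against HMCDRV_FTP_FIDENT_MAX, so `len == -E2BIG` rejects the same file names as before only if those two sizes are equal. The commit message should state that they are, or the explicit `len >= HMCDRV_FTP_FIDENT_MAX` test should stay beside the new one. In the sclp_ftp.c hunk (`@@ -114,9`) both the copy size and the old bound are HMCDRV_FTP_FIDENT_MAX, so that conversion is equivalent. In both places `len < 0` would be more robust than matching a single error code.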
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Steffen Maier, Benjamin Block
Cc: Romain Perier, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 13/20] scsi: zfcp: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:24 +0100
Message-Id: <20210222151231.22572-14-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- drivers/s390/scsi/zfcp_fc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/s390/scsi/zfcp_fc.c b/drivers/s390/scsi/zfcp_fc.c index d24cafe02708..8a65241011b9 100644 --- a/drivers/s390/scsi/zfcp_fc.c +++ b/drivers/s390/scsi/zfcp_fc.c
@@ -877,14 +877,16 @@ static void zfcp_fc_rspn(struct zfcp_adapter *adapter, struct zfcp_fsf_ct_els *ct_els = &fc_req->ct_els; struct zfcp_fc_rspn_req *rspn_req = &fc_req->u.rspn.req; struct fc_ct_hdr *rspn_rsp = &fc_req->u.rspn.rsp; - int ret, len; + int ret; + ssize_t len; zfcp_fc_ct_ns_init(&rspn_req->ct_hdr, FC_NS_RSPN_ID, FC_SYMBOLIC_NAME_SIZE); hton24(rspn_req->rspn.fr_fid.fp_fid, fc_host_port_id(shost)); - len = strlcpy(rspn_req->rspn.fr_name, fc_host_symbolic_name(shost), + len = strscpy(rspn_req->rspn.fr_name, fc_host_symbolic_name(shost), FC_SYMBOLIC_NAME_SIZE); - rspn_req->rspn.fr_name_len = len; + if (len != -E2BIG) + rspn_req->rspn.fr_name_len = len; sg_init_one(&fc_req->sg_req, rspn_req, sizeof(*rspn_req)); sg_init_one(&fc_req->sg_rsp, rspn_rsp, sizeof(*rspn_rsp));
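Review bot: When strscpy() returns -E2BIG, `fr_name` holds a truncated, NUL-terminated name but `fr_name_len` is left unassigned, and the request is still set up by the `sg_init_one()` calls that follow, so the length field no longer describes the name that is sent. Either store the truncated length (`FC_SYMBOLIC_NAME_SIZE - 1`) in the -E2BIG case or fail the request at that point. The commit message would also benefit from noting the behaviour being fixed: strlcpy() returned the length of the untruncated source, so the old `fr_name_len = len` could exceed the size of `fr_name`.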
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, "Martin K. Petersen"
Cc: Romain Perier, linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 14/20] target: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:25 +0100
Message-Id: <20210222151231.22572-15-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
Reported-by: kernel test robot
--- drivers/target/target_core_configfs.c | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index f04352285155..676215cd8847 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c
@@ -1325,16 +1325,11 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item, /* +2 to allow for a trailing (stripped) '\n' and null-terminator */ unsigned char buf[INQUIRY_VENDOR_LEN + 2]; char *stripped = NULL; - size_t len; + ssize_t len; ssize_t ret; - len = strlcpy(buf, page, sizeof(buf)); - if (len < sizeof(buf)) { - /* Strip any newline added from userspace. */ - stripped = strstrip(buf); - len = strlen(stripped); - } - if (len > INQUIRY_VENDOR_LEN) { + len = strscpy(buf, page, sizeof(buf)); + if (len == -E2BIG) { pr_err("Emulated T10 Vendor Identification exceeds" " INQUIRY_VENDOR_LEN: " __stringify(INQUIRY_VENDOR_LEN) "\n"); @@ -1381,16 +1376,11 @@ static ssize_t target_wwn_product_id_store(struct config_item *item, /* +2 to allow for a trailing (stripped) '\n' and null-terminator */ unsigned char buf[INQUIRY_MODEL_LEN + 2]; char *stripped = NULL; - size_t len; + ssize_t len; ssize_t ret; - len = strlcpy(buf, page, sizeof(buf)); - if (len < sizeof(buf)) { - /* Strip any newline added from userspace. */ - stripped = strstrip(buf); - len = strlen(stripped); - } - if (len > INQUIRY_MODEL_LEN) { + len = strscpy(buf, page, sizeof(buf)); + if (len == -E2BIG) { pr_err("Emulated T10 Vendor exceeds INQUIRY_MODEL_LEN: " __stringify(INQUIRY_MODEL_LEN) "\n"); 
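Review bot: Both hunks above delete the `strstrip(buf)` step, so `stripped` keeps its initial NULL and the trailing '\n' written by userspace is no longer removed; any later use of `stripped` in target_wwn_vendor_id_store() and target_wwn_product_id_store() now sees NULL, and the comment "+2 to allow for a trailing (stripped) '\n' and null-terminator" no longer matches the code. Keep the strip after a successful copy: return the error on `len < 0`, then `stripped = strstrip(buf); len = strlen(stripped);` and the original `len > INQUIRY_VENDOR_LEN` (respectively `INQUIRY_MODEL_LEN`) test.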
@@ -1437,16 +1427,11 @@ static ssize_t target_wwn_revision_store(struct config_item *item, /* +2 to allow for a trailing (stripped) '\n' and null-terminator */ unsigned char buf[INQUIRY_REVISION_LEN + 2]; char *stripped = NULL; - size_t len; + ssize_t len; ssize_t ret; - len = strlcpy(buf, page, sizeof(buf)); - if (len < sizeof(buf)) { - /* Strip any newline added from userspace. */ - stripped = strstrip(buf); - len = strlen(stripped); - } - if (len > INQUIRY_REVISION_LEN) { + len = strscpy(buf, page, sizeof(buf)); + if (len == -E2BIG) { pr_err("Emulated T10 Revision exceeds INQUIRY_REVISION_LEN: " __stringify(INQUIRY_REVISION_LEN) "\n");
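Review bot: The length limit is loosened by one character in target_wwn_revision_store(): `buf` is `INQUIRY_REVISION_LEN + 2` bytes, so strscpy() reports -E2BIG only once the input is longer than INQUIRY_REVISION_LEN + 1 characters. An input of exactly INQUIRY_REVISION_LEN + 1 characters without a trailing newline was rejected by the removed `len > INQUIRY_REVISION_LEN` test and is now accepted, while the pr_err() text still names INQUIRY_REVISION_LEN as the limit. The explicit upper-bound test has to stay; -E2BIG alone only says the input did not fit the scratch buffer.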
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Jaroslav Kysela, Takashi Iwai
Cc: Romain Perier, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: [PATCH 15/20] ALSA: usb-audio: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:26 +0100
Message-Id: <20210222151231.22572-16-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- sound/usb/card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/usb/card.c b/sound/usb/card.c index 85ed8507e41a..acb1ea3e16a3 100644 --- a/sound/usb/card.c +++ b/sound/usb/card.c
@@ -496,7 +496,7 @@ static void usb_audio_make_longname(struct usb_device *dev, struct snd_card *card = chip->card; const struct usb_audio_device_name *preset; const char *s = NULL; - int len; + ssize_t len;
 preset = lookup_device_name(chip->usb_id);
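Review bot: The only change in this patch is the type of `len` in usb_audio_make_longname(); no strlcpy() call is converted, which contradicts both the commit message ("replaces all calls to strlcpy that handle the return values") and the subject. Either the strscpy() conversion with its -E2BIG handling is missing from the diff, or this declaration change belongs in the patch that converts the call. As posted, the diffstat of 1 insertion and 1 deletion leaves the deprecated call in place.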
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Steven Rostedt, Ingo Molnar
Cc: Romain Perier, linux-kernel@vger.kernel.org
Subject: [PATCH 16/20] tracing/probe: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:27 +0100
Message-Id: <20210222151231.22572-17-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- kernel/trace/trace_uprobe.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 3cf7128e1ad3..f9583afdb735 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c
@@ -154,12 +154,11 @@ fetch_store_string(unsigned long addr, void *dest, void *base) u8 *dst = get_loc_data(dest, base); void __user *src = (void __force __user *) addr; - if (unlikely(!maxlen)) - return -ENOMEM; - - if (addr == FETCH_TOKEN_COMM) - ret = strlcpy(dst, current->comm, maxlen); - else + if (addr == FETCH_TOKEN_COMM) { + ret = strscpy(dst, current->comm, maxlen); + if (ret == -E2BIG) + return -ENOMEM; + } else ret = strncpy_from_user(dst, src, maxlen); if (ret >= 0) { if (ret == maxlen)
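Review bot: Removing the `if (unlikely(!maxlen)) return -ENOMEM;` guard at the top of fetch_store_string() also changes the `strncpy_from_user()` path, which this patch is not supposed to touch: with `maxlen == 0` that branch no longer returns -ENOMEM up front and instead reaches the `if (ret == maxlen)` handling below. Only the FETCH_TOKEN_COMM branch still maps the zero-size case to -ENOMEM, through strscpy() returning -E2BIG for a zero count. The same branch now turns truncation of `current->comm` into -ENOMEM where strlcpy() stored the truncated string and continued, which is a behaviour change the commit message should justify. Keep the `maxlen` guard, and add braces to the `else` branch now that the `if` branch has them.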
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman, Jiri Slaby
Cc: Romain Perier, linux-kernel@vger.kernel.org
Subject: [PATCH 17/20] vt: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:28 +0100
Message-Id: <20210222151231.22572-18-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
--- drivers/tty/vt/keyboard.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 77638629c562..5e20c6c307e0 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c
@@ -2067,9 +2067,12 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) return -ENOMEM; spin_lock_irqsave(&func_buf_lock, flags); - len = strlcpy(kbs, func_table[kb_func] ? : "", len); + len = strscpy(kbs, func_table[kb_func] ? : "", len); spin_unlock_irqrestore(&func_buf_lock, flags); + if (len == -E2BIG) + return -E2BIG; + ret = copy_to_user(user_kdgkb->kb_string, kbs, len + 1) ? -EFAULT : 0;
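Review bot: The added `return -E2BIG;` exits vt_do_kdgkb_ioctl() directly from the middle of the function; if `kbs` is the allocation whose failure path is the `return -ENOMEM;` context line above, this early return leaks it. Set `ret` and leave through the same path the `copy_to_user()` result takes instead of returning here. The hunk also does not touch the declaration of `len`, so confirm it is a signed type, since `len + 1` is passed to `copy_to_user()` as a size right after the check. Returning -E2BIG from this ioctl is a userspace-visible change where the old code copied a truncated string, and the commit message should say so.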
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman, Felipe Balbi
Cc: Romain Perier, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 18/20] usb: gadget: f_midi: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:29 +0100
Message-Id: <20210222151231.22572-19-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
---
drivers/usb/gadget/function/f_midi.c | 4 ++-- drivers/usb/gadget/function/f_printer.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c index 71a1a26e85c7..1f2b0d4309b4 100644 --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -1143,11 +1143,11 @@ F_MIDI_OPT(out_ports, true, MAX_PORTS); static ssize_t f_midi_opts_id_show(struct config_item *item, char *page) { struct f_midi_opts *opts = to_f_midi_opts(item); - int result; + ssize_t result; mutex_lock(&opts->lock); if (opts->id) { - result = strlcpy(page, opts->id, PAGE_SIZE); + result = strscpy(page, opts->id, PAGE_SIZE); } else { page[0] = 0; result = 0;
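Review bot: In f_midi_opts_id_show() the strscpy() branch can leave result at -E2BIG and nothing in the hunk handles it, although the commit message promises new handling of the return values. With strlcpy() an over-long opts->id gave a result of at least PAGE_SIZE; with strscpy() it gives a negative value. Decide which outcome the show callback should report and make it explicit: either keep the error and say so in the commit message, or, if truncated output is acceptable, add `if (result < 0) result = PAGE_SIZE - 1;` after the copy.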
diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c index 61ce8e68f7a3..af83953e6770 100644 --- a/drivers/usb/gadget/function/f_printer.c +++ b/drivers/usb/gadget/function/f_printer.c 
@@ -1212,15 +1212,15 @@ static ssize_t f_printer_opts_pnp_string_show(struct config_item *item, char *page) { struct f_printer_opts *opts = to_f_printer_opts(item); - int result = 0; + ssize_t result = 0; mutex_lock(&opts->lock); if (!opts->pnp_string) goto unlock; - result = strlcpy(page, opts->pnp_string, PAGE_SIZE); - if (result >= PAGE_SIZE) { - result = PAGE_SIZE; + result = strscpy(page, opts->pnp_string, PAGE_SIZE); + if (result == -E2BIG) { + goto unlock; } else if (page[result - 1] != '\n' && result + 1 < PAGE_SIZE) { page[result++] = '\n'; page[result] = '\0';
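Review bot: On the `else if` line, `page[result - 1]` is evaluated whenever result is not -E2BIG, and strscpy() returns 0 for an empty pnp_string, so an empty string reads page[-1]. Since this chain is being rewritten anyway, guard the condition with `result > 0 &&`. Separately, the removed lines clamped result to PAGE_SIZE on truncation while the new branch jumps to unlock with result still at -E2BIG; that change in what the show callback reports deserves a sentence in the commit message.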
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman, Valentina Manea, Shuah Khan, Shuah Khan
Cc: Romain Perier, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:30 +0100
Message-Id: <20210222151231.22572-20-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
Acked-by: Shuah Khan
---
drivers/usb/usbip/stub_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c index 77a5b3f8736a..5bc2c09c0d10 100644 --- a/drivers/usb/usbip/stub_main.c +++ b/drivers/usb/usbip/stub_main.c
@@ -167,15 +167,15 @@ static ssize_t match_busid_show(struct device_driver *drv, char *buf) static ssize_t match_busid_store(struct device_driver *dev, const char *buf, size_t count) { - int len; + ssize_t len; char busid[BUSID_SIZE]; if (count < 5) return -EINVAL; /* busid needs to include \0 termination */ - len = strlcpy(busid, buf + 4, BUSID_SIZE); - if (sizeof(busid) <= len) + len = strscpy(busid, buf + 4, BUSID_SIZE); + if (len == -E2BIG) return -EINVAL; if (!strncmp(buf, "add ", 4)) {
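Review bot: In match_busid_store(), `if (len == -E2BIG)` tests for one specific errno; `if (len < 0)` rejects any failure strscpy() reports and reads as the usual error check. The call also passes BUSID_SIZE where the removed check used sizeof(busid); passing sizeof(busid) to strscpy() keeps the bound tied to the array declared two lines above. Neither suggestion changes behaviour for the lines shown.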
From: Romain Perier
To: Kees Cook, kernel-hardening@lists.openwall.com, Wim Van Sebroeck, Guenter Roeck
Cc: Romain Perier, linux-watchdog@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 20/20] s390/watchdog: Manual replacement of the deprecated strlcpy() with return values
Date: Mon, 22 Feb 2021 16:12:31 +0100
Message-Id: <20210222151231.22572-21-romain.perier@gmail.com>
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>

The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer length is unbounded or possibly non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy.

This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier
---
drivers/watchdog/diag288_wdt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/watchdog/diag288_wdt.c b/drivers/watchdog/diag288_wdt.c index aafc8d98bf9f..5703f35dd0b7 100644 --- a/drivers/watchdog/diag288_wdt.c +++ b/drivers/watchdog/diag288_wdt.c @@ -111,7 +111,7 @@ static unsigned long wdt_status; static int wdt_start(struct watchdog_device *dev) { char *ebc_cmd; - size_t len; + ssize_t len; int ret; unsigned int func; @@ -126,7 +126,9 @@ static int wdt_start(struct watchdog_device *dev) clear_bit(DIAG_WDOG_BUSY, &wdt_status); return -ENOMEM; } - len = strlcpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + len = strscpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + if (len == -E2BIG) + return -E2BIG; ASCEBC(ebc_cmd, MAX_CMDLEN); EBC_TOUPPER(ebc_cmd, MAX_CMDLEN);
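Review bot: The added `return -E2BIG` in wdt_start() skips the unwinding that the failure path directly above it performs. That path calls clear_bit(DIAG_WDOG_BUSY, &wdt_status) before `return -ENOMEM`, and its presence indicates ebc_cmd has just been allocated. Returning directly on truncation leaves the busy bit set and the buffer unreleased; clear the bit and free ebc_cmd before returning the error.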
@@ -163,7 +165,7 @@ static int wdt_stop(struct watchdog_device *dev) static int wdt_ping(struct watchdog_device *dev) { char *ebc_cmd; - size_t len; + ssize_t len; int ret; unsigned int func; @@ -173,7 +175,9 @@ static int wdt_ping(struct watchdog_device *dev) ebc_cmd = kmalloc(MAX_CMDLEN, GFP_KERNEL); if (!ebc_cmd) return -ENOMEM; - len = strlcpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + len = strscpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + if (len == -E2BIG) + return -E2BIG; ASCEBC(ebc_cmd, MAX_CMDLEN); EBC_TOUPPER(ebc_cmd, MAX_CMDLEN);
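Review bot: In wdt_ping(), ebc_cmd comes from kmalloc(MAX_CMDLEN, GFP_KERNEL) three lines above the added `return -E2BIG`, and that return does not free it, so every over-long wdt_cmd leaks the buffer. Call kfree(ebc_cmd) before returning the error.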
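The commit messages in this series turn on how differently strlcpy() and strscpy() report truncation. The following is an added example, not code from the patches or from the kernel: userspace models of the two functions (model_strlcpy, model_strscpy, old_check, new_check and BUF_SIZE are names assumed here) showing that the old `>= size` test never fires on a strscpy() result.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define BUF_SIZE 8 /* constructed size, not taken from any driver */

/* Model of strlcpy(): strlen(src) walks the whole source, however long. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
	size_t srclen = strlen(src);

	if (size) {
		size_t n = srclen >= size ? size - 1 : srclen;

		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen; /* length of src, may be >= size */
}

/* Model of strscpy(): reads at most size bytes of src. */
static ssize_t model_strscpy(char *dst, const char *src, size_t size)
{
	size_t i;

	for (i = 0; i < size; i++) {
		dst[i] = src[i];
		if (src[i] == '\0')
			return (ssize_t)i; /* bytes copied, NUL excluded */
	}
	if (size)
		dst[size - 1] = '\0'; /* truncated, still terminated */
	return -E2BIG;
}

/* Old truncation test, valid only for the strlcpy() return value. */
static int old_check(ssize_t ret) { return ret >= BUF_SIZE; }
/* New truncation test for the strscpy() return value. */
static int new_check(ssize_t ret) { return ret < 0; }

int main(void)
{
	char dst[BUF_SIZE];
	const char *src = "0123456789"; /* constructed, longer than dst */
	ssize_t a = (ssize_t)model_strlcpy(dst, src, sizeof(dst));
	ssize_t b = model_strscpy(dst, src, sizeof(dst));

	printf("strlcpy=%zd strscpy=%zd dst=\"%s\"\n", a, b, dst);
	printf("old check on strscpy: %d, new check: %d\n", old_check(b), new_check(b));
	return 0;
}
```

Both models leave the same truncated, terminated string in dst; only the return value differs, which is why each call site that uses it has to be converted by hand.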