From: Markus Elfring <[email protected]>
Date: Tue, 2 Jul 2019 20:52:21 +0200
Two strings which did not contain a data format specification should be put
into a sequence. Thus use the corresponding function “seq_puts”.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <[email protected]>
---
security/integrity/ima/ima_template_lib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 9fe0ef7f91e2..05636e9b19b1 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -74,7 +74,7 @@ static void ima_show_template_data_ascii(struct seq_file *m,
case DATA_FMT_DIGEST_WITH_ALGO:
buf_ptr = strnchr(field_data->data, buflen, ':');
if (buf_ptr != field_data->data)
- seq_printf(m, "%s", field_data->data);
+ seq_puts(m, field_data->data);
/* skip ':' and '\0' */
buf_ptr += 2;
@@ -87,7 +87,7 @@ static void ima_show_template_data_ascii(struct seq_file *m,
ima_print_digest(m, buf_ptr, buflen);
break;
case DATA_FMT_STRING:
- seq_printf(m, "%s", buf_ptr);
+ seq_puts(m, buf_ptr);
break;
default:
break;
--
2.22.0
From: Markus Elfring
> Sent: 02 July 2019 20:01
>
> From: Markus Elfring <[email protected]>
> Date: Tue, 2 Jul 2019 20:52:21 +0200
>
> Two strings which did not contain a data format specification should be put
> into a sequence. Thus use the corresponding function “seq_puts”.
>
> This issue was detected by using the Coccinelle software.
The two calls are almost certainly absolutely equivalent.
So this is probably just a minor performance improvement in a code
path where it really doesn't matter.
> Signed-off-by: Markus Elfring <[email protected]>
> ---
> security/integrity/ima/ima_template_lib.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> index 9fe0ef7f91e2..05636e9b19b1 100644
> --- a/security/integrity/ima/ima_template_lib.c
> +++ b/security/integrity/ima/ima_template_lib.c
> @@ -74,7 +74,7 @@ static void ima_show_template_data_ascii(struct seq_file *m,
> case DATA_FMT_DIGEST_WITH_ALGO:
> buf_ptr = strnchr(field_data->data, buflen, ':');
> if (buf_ptr != field_data->data)
> - seq_printf(m, "%s", field_data->data);
> + seq_puts(m, field_data->data);
>
> /* skip ':' and '\0' */
> buf_ptr += 2;
That code looks highly suspect!
It uses a bounded scan then assumes a '\0' terminated string.
It then adds 2 to a potentially NULL pointer.
About typical for 'security' code :-)
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
> So this is probably just a minor performance improvement in a code
> path where it really doesn't matter.
I imagine that another small software adjustment can help a bit
to get nicer run time characteristics also at this place.
>> +++ b/security/integrity/ima/ima_template_lib.c
>> @@ -74,7 +74,7 @@ static void ima_show_template_data_ascii(struct seq_file *m,
>> case DATA_FMT_DIGEST_WITH_ALGO:
>> buf_ptr = strnchr(field_data->data, buflen, ':');
>> if (buf_ptr != field_data->data)
>> - seq_printf(m, "%s", field_data->data);
>> + seq_puts(m, field_data->data);
>>
>> /* skip ':' and '\0' */
>> buf_ptr += 2;
>
> That code looks highly suspect!
Would you like to change this implementation detail any more?
Regards,
Markus
On Wed, 2019-07-03 at 09:16 +0000, David Laight wrote:
> > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> > index 9fe0ef7f91e2..05636e9b19b1 100644
> > --- a/security/integrity/ima/ima_template_lib.c
> > +++ b/security/integrity/ima/ima_template_lib.c
> > @@ -74,7 +74,7 @@ static void ima_show_template_data_ascii(struct seq_file *m,
> > case DATA_FMT_DIGEST_WITH_ALGO:
> > buf_ptr = strnchr(field_data->data, buflen, ':');
> > if (buf_ptr != field_data->data)
> > - seq_printf(m, "%s", field_data->data);
> > + seq_puts(m, field_data->data);
> >
> > /* skip ':' and '\0' */
> > buf_ptr += 2;
>
> That code looks highly suspect!
> It uses a bounded scan then assumes a '\0' terminated string.
> It then adds 2 to a potentially NULL pointer.
The code here is used for displaying the IMA measurement list, that
the kernel itself created. Protecting the in kernel memory from
attack is a different problem. Refer to Igor Stoppa's write once
memory pools.
Mimi