Date: Thu, 1 Jun 2017 16:47:37 +0300
From: Yury Norov
To: Alexander Potapenko
Cc: dvyukov@google.com, kcc@google.com, edumazet@google.com, davem@davemloft.net, stephen@networkplumber.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH v3] net: don't call strlen on non-terminated string in dev_set_alias()
Message-ID: <20170601134737.7dp2pbnek26b6kqf@yury-thinkpad>
In-Reply-To: <20170601123829.51794-1-glider@google.com>

On Thu, Jun 01, 2017 at 02:38:29PM +0200, Alexander Potapenko wrote:
> KMSAN reported a use of uninitialized memory in dev_set_alias(),
> which was caused by calling strlcpy() (which in turn called strlen())
> on the user-supplied non-terminated string.
>
> Signed-off-by: Alexander Potapenko
> ---
> v3: removed the multi-line comment
> v2: fixed an off-by-one error spotted by Dmitry Vyukov [...]
> ---
> net/core/dev.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index fca407b4a6ea..3e3b29133cc9 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -1254,7 +1254,9 @@ int dev_set_alias(struct net_device *dev, const char *alias, size_t len)
> return -ENOMEM;
> dev->ifalias = new_ifalias;
>
> - strlcpy(dev->ifalias, alias, len+1);
> + /* alias comes from the userspace and may not be zero-terminated. */

So if the comment is correct, you'd use copy_from_user() instead.

> + memcpy(dev->ifalias, alias, len);
> + dev->ifalias[len] = 0;
> return len;
> }
>
> --
> 2.13.0.219.gdb65acc882-goog
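
Review bot: The new comment on the `+ /* alias comes from the userspace ... */` line reads as if `alias` were a user pointer, yet the hunk header declares it as plain `const char *alias` and the next added line passes it straight to memcpy(). If the bytes have already been copied into kernel memory by the caller, the comment should say so, for example "alias may not be NUL-terminated; copy exactly len bytes", so that readers do not expect copy_from_user() here. Separately, `dev->ifalias[len] = 0;` writes at index len and therefore depends on the allocation above the visible context being at least len + 1 bytes; the hunk does not show that size, so it is worth confirming, and `'\0'` would state the intent more clearly than `0`.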
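
The over-read named in the commit message above, as an added user-space example (not code from the patch or the kernel tree): `model_strlcpy()` is a model of strlcpy() semantics, and the buffer, its contents and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of strlcpy() semantics (not copied from the kernel tree): the
 * source is measured with strlen() first, so it is read up to its first
 * NUL no matter how small 'size' is. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t ret = strlen(src);              /* unbounded read of src */
    if (size) {
        size_t n = (ret >= size) ? size - 1 : ret;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return ret;
}

/* Bounded copy in the shape of the patch: reads exactly len bytes. */
static size_t bounded_copy(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Constructed input: 5 alias bytes with no terminator, 6 filler bytes
 * standing in for whatever memory follows, then a NUL that exists only
 * to keep this demo inside the array. */
#define ALIAS_LEN 5
static const char buf[16] = { 'u','p','l','n','k', '#','#','#','#','#','#' };

size_t strlcpy_measured_len(void)
{
    char dst[ALIAS_LEN + 1];
    return model_strlcpy(dst, buf, ALIAS_LEN + 1);
}

size_t bounded_read_len(void)
{
    char dst[ALIAS_LEN + 1];
    return bounded_copy(dst, buf, ALIAS_LEN);
}

int main(void)
{
    printf("strlcpy measured %zu source bytes, bounded copy read %zu\n",
           strlcpy_measured_len(), bounded_read_len());
    return 0;
}
```

The strlcpy model reports a source length larger than the `len` the caller passed, which is the read past the supplied bytes that a sanitizer flags when that trailing memory is uninitialized.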