Date: Tue, 6 Jun 2017 23:57:35 +0200
From: Florian Westphal
To: David Miller
Cc: glider@google.com, dvyukov@google.com, kcc@google.com, edumazet@google.com, stephen@networkplumber.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH v4] net: don't call strlen on non-terminated string in dev_set_alias()
Message-ID: <20170606215735.GA18283@breakpoint.cc>
In-Reply-To: <20170606.163639.1246601020260541080.davem@davemloft.net>

David Miller wrote:
> From: Alexander Potapenko
> Date: Tue, 6 Jun 2017 15:56:54 +0200
>
> > KMSAN reported a use of uninitialized memory in dev_set_alias(),
> > which was caused by calling strlcpy() (which in turn called strlen())
> > on the user-supplied non-terminated string.
> >
> > Signed-off-by: Alexander Potapenko
>
> We should not be allowing non-NULL terminated strings for the
> IFLA_IFALIAS attribute. It's defined as type NLA_STRING in
> the ifla_policy[] array.

Unfortunately NLA_STRING doesn't check for NUL byte, only NLA_NUL_STRING
does this.

So unless you think we can change kernel and make NLA_STRING behave
like NLA_NUL_STRING I think patch is correct.
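Added example, not part of the message above and not kernel code: a simplified user-space model of the two validation behaviours discussed in the thread, plus a copy routine that relies only on the attribute length instead of calling strlen() on the payload. The function names, `ALIAS_MAX` and the sample payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALIAS_MAX 256 /* hypothetical buffer size, not the kernel's constant */

/* Models an NLA_STRING-style check: only the length is bounded; the
 * payload may or may not end in a NUL byte. */
int check_string(const unsigned char *data, size_t len, size_t maxlen)
{
    if (len < 1)
        return -1;
    if (data[len - 1] == '\0') /* an optional trailing NUL is not counted */
        len--;
    return len > maxlen ? -1 : 0;
}

/* Models an NLA_NUL_STRING-style check: a NUL byte must appear within
 * the first maxlen + 1 bytes of the payload. */
int check_nul_string(const unsigned char *data, size_t len, size_t maxlen)
{
    size_t span = len < maxlen + 1 ? len : maxlen + 1;
    if (span == 0 || memchr(data, '\0', span) == NULL)
        return -1;
    return 0;
}

/* Copies at most len bytes, stops at the first NUL if there is one, and
 * terminates the destination itself. Never reads past data[len - 1]. */
int set_alias_safe(char *dst, size_t dstsz, const unsigned char *data, size_t len)
{
    const unsigned char *nul = memchr(data, '\0', len);
    size_t n = nul ? (size_t)(nul - data) : len;
    if (n >= dstsz)
        return -1;
    memcpy(dst, data, n);
    dst[n] = '\0';
    return (int)n;
}

/* Constructed sample payload: "eth0" with no terminator. */
const unsigned char unterminated[4] = { 'e', 't', 'h', '0' };

int main(void)
{
    char buf[ALIAS_MAX];
    printf("string=%d nul_string=%d copied=%d\n",
           check_string(unterminated, 4, ALIAS_MAX - 1),
           check_nul_string(unterminated, 4, ALIAS_MAX - 1),
           set_alias_safe(buf, sizeof(buf), unterminated, 4));
    return 0;
}
```

The unterminated payload passes the NLA_STRING-style check and fails the NLA_NUL_STRING-style one, which is why the consumer of such an attribute has to bound its own reads.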