Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4959645ybi;
        Tue, 30 Jul 2019 11:10:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxWF5bjF4PQpBz91u+ELgOkFRRD25nPX4k3YPxwhDfsip1sZWEZPCNfouvBrWcZSQ2kewAJ
X-Received: by 2002:a65:4509:: with SMTP id n9mr56653563pgq.133.1564510229408;
        Tue, 30 Jul 2019 11:10:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564510229; cv=none;
        d=google.com; s=arc-20160816;
        b=LHxRjLzCle7GVOHNJkoVRhRI8LJ3mB8UOiN7ns1xwc+HRvEMnDNszhIw4o1Yp1NxlM
         eLjbdg/B6o4CWoG+Tp1qZEl7yVW9lw1r/Y15FaCxnx4jAGN6Q/fhduY2WG90fuwZaWwS
         TLEB+A2h00ZtME3YbP23oSH39QXy6/S3xeaYq0NPa6an5i3kgHLVgqYmIskjSn8EchqD
         OAJsU77/7rEBsljZIB7PR2kX2zkLGEMDW1CHDgJevVhcrdNwxnriq2cYXviYxQq6hPEo
         KCucGwgGZHcf7LrN0GKXrNr3jHSa4I3BpWxaLCawWsGFgKH/atJS8IyqdIsSOVP8uZve
         HlXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=ImY2DybhOrcM2lI55Kc331ajwFUz03xP4fYhf/CoFd4=;
        b=rBFazmG40/apGfVl8T8dKCjEBhp5dMhS8GhuzteE4PqFtKiTKYbGjXCp/Sfa9Mh/41
         3WIh1HZnvXff3qI8+O8JdofgIpEt4r3O24t1Xsp1goAc03K0LDS8/95BVPEZLckFBTBB
         YxE7nL2spIcChtaYOrBQqldtmWm3bQBzfwA41NtL114u9ePDwIQcukviqmA1q7+ufrED
         c9hwlT6vjCorJobbuXWYPwH1ccT2XHq+9rLYYQ4kWnBkCmqBrujWwRaL4T4Ag0rqi/eO
         cp87YJFWJpwvVrJLs9vAtD4GuiyMI6RcRrn8N3p9jA2jp6P1RMAqpdVZvBdTDfjI/ALz
         +QBw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@poorly.run header.s=google header.b=fnTPfuSO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k143si29432880pfd.212.2019.07.30.11.10.14;
        Tue, 30 Jul 2019 11:10:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@poorly.run header.s=google header.b=fnTPfuSO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728534AbfG3RM2 (ORCPT <rfc822;luigi.mantellini.ml@gmail.com>
        + 99 others); Tue, 30 Jul 2019 13:12:28 -0400
Received: from mail-yw1-f67.google.com ([209.85.161.67]:33259 "EHLO
        mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725947AbfG3RM2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jul 2019 13:12:28 -0400
Received: by mail-yw1-f67.google.com with SMTP id l124so24045479ywd.0
        for <linux-kernel@vger.kernel.org>; Tue, 30 Jul 2019 10:12:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=poorly.run; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=ImY2DybhOrcM2lI55Kc331ajwFUz03xP4fYhf/CoFd4=;
        b=fnTPfuSOS5xpzgI/dQJjNEhuWQ9V5NaVEYODjti6i+5CsuI18ORya/MuBcyjj5rKHw
         OGqBw9FvQA+91ljA6QWTZ+QjMYN6u0YAvnZ6iB6zumCkot1zgc+Ge8Zr36k9WdlYCPIq
         5Qa+Xb7vJCv4lzx1IY48fS1EAyLA9/Pui0xCKvGCSTggjJbOVlLLVggs++kF07g3IQ+O
         MDdhIiresslcCgniwoC9JKTEDXB2NgciRQNn42Sv31gjZ6lsRJdl5wmhwdJ/hRypG8x5
         /ePhj9cW+yWQYFKxEnLr1qEJp1o4qn6Mm25gYkJ3tlQqAsxDseFTGf3giZ5YNxic5xeY
         6ocQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=ImY2DybhOrcM2lI55Kc331ajwFUz03xP4fYhf/CoFd4=;
        b=d1rjARXc5LCMcv6im5mlWZdQtMO52EjqW5mRyAPsSeRtObr9cm5qZAsTi8p3c5zIQv
         Doqtw5NyiXVi6NiB7TddRdWDUGL5j/njICK/58Ce6gxVQSn96aaTMt6DVfZuiXwjOdn9
         saTvUUQ+fd1ADAmJrwkzeEd2O6Leik77k9FGNQ691qg8aDtO5knByPF70WFTtWKWaO5q
         E/ojM4h0EbcSEP4Ag4BPYeUxVHoKQg/o7tzRw1tKEkWfxzrG8zDBk1JtGOw88v7PKROx
         r07hScrctC6V8C/zP+JK/q/AylX+CD4QZAXL6ZoCaSXCBFLZpdVnduB0Ru0wY2W2Qblz
         u2Fw==
X-Gm-Message-State: APjAAAXwby+PZIcz7k/mCmA3czq0dS6+D5bROnSF4hANfurvzH2fVFn8
        Miikye754Iz4oXAfTDXeXHF6jQ==
X-Received: by 2002:a0d:eb89:: with SMTP id u131mr71135814ywe.417.1564506747714;
        Tue, 30 Jul 2019 10:12:27 -0700 (PDT)
Received: from localhost ([2620:0:1013:11:89c6:2139:5435:371d])
        by smtp.gmail.com with ESMTPSA id x67sm15128373ywg.70.2019.07.30.10.12.27
        (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
        Tue, 30 Jul 2019 10:12:27 -0700 (PDT)
Date:   Tue, 30 Jul 2019 13:12:27 -0400
From:   Sean Paul <sean@poorly.run>
To:     Chuhong Yuan <hslester96@gmail.com>
Cc:     Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
        Maxime Ripard <maxime.ripard@bootlin.com>,
        Sean Paul <sean@poorly.run>, David Airlie <airlied@linux.ie>,
        Daniel Vetter <daniel@ffwll.ch>,
        dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drm/modes: Fix unterminated strncpy
Message-ID: <20190730171227.GS104440@art_vandelay>
References: <20190730084032.26428-1-hslester96@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190730084032.26428-1-hslester96@gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 30, 2019 at 04:40:32PM +0800, Chuhong Yuan wrote:
> strncpy(dest, src, strlen(src)) leads to unterminated
> dest, which is dangerous.
> Fix it by using strscpy.
> 
> Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> ---
>  drivers/gpu/drm/drm_modes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
> index 80fcd5dc1558..170fc24e0f31 100644
> --- a/drivers/gpu/drm/drm_modes.c
> +++ b/drivers/gpu/drm/drm_modes.c
> @@ -1770,7 +1770,7 @@ bool drm_mode_parse_command_line_for_connector(const char *mode_option,
>  	}
>  
>  	if (named_mode) {
> -		strncpy(mode->name, name, mode_end);
> +		strscpy(mode->name, name, mode_end + 1);

Shouldn't you be checking that mode_end + 1 is not > than the size of mode->name
(ie: DRM_DISPLAY_MODE_LEN)? This still seems unsafe.

Sean

>  	} else {
>  		ret = drm_mode_parse_cmdline_res_mode(name, mode_end,
>  						      parse_extras,
> -- 
> 2.20.1
> 

-- 
Sean Paul, Software Engineer, Google / Chromium OS