Date: Mon, 2 Nov 2020 11:49:03 +0000
From: Lee Jones
To: David Laight
Cc: "gregkh@linuxfoundation.org", "arnd@arndb.de", "linux-kernel@vger.kernel.org", Rodolfo Giometti, "Eurotech S.p.A", Geert Uytterhoeven
Subject: Re: [PATCH 1/2] misc: c2port: core: Make copying name from userspace more secure
Message-ID: <20201102114903.GN4127@dell>
References: <20201102111211.1047972-1-lee.jones@linaro.org>

On Mon, 02 Nov 2020, David Laight wrote:

> From: Lee Jones
> > Sent: 02 November 2020 11:12
> >
> > strncpy() may not provide a NUL terminator, which means that a 1-byte
> > leak would be possible *if* this was ever copied to userspace. Ensure
> > the buffer will always be NUL terminated by using the kernel's
> > strscpy() which a) uses the destination (instead of the source) size
> > as the bytes to copy and b) is *always* NUL terminated.
> >
> > Cc: Rodolfo Giometti
> > Cc: "Eurotech S.p.A"
> > Reported-by: Geert Uytterhoeven
> > Acked-by: Arnd Bergmann
> > Signed-off-by: Lee Jones
> > ---
> > drivers/misc/c2port/core.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
> > index 80d87e8a0bea9..b96444ec94c7e 100644
> > --- a/drivers/misc/c2port/core.c
> > +++ b/drivers/misc/c2port/core.c
> > @@ -923,7 +923,7 @@ struct c2port_device *c2port_device_register(char *name,
> > }
> > dev_set_drvdata(c2dev->dev, c2dev);
> >
> > - strncpy(c2dev->name, name, C2PORT_NAME_LEN - 1);
> > + strscpy(c2dev->name, name, sizeof(c2dev->name));
>
> strscpy() doesn't zero fill so if the memory isn't zeroed
> and a 'blind' copy to user of the structure is done
> then more data is leaked.
>
> strscpy() may be better, but rationale isn't right.

The original patch zeroed the data too, but I was asked to remove that
part [0]. In your opinion, should it be reinstated?

[0] https://lore.kernel.org/patchwork/patch/1272290/

-- 
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
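
Review bot: The added strscpy(c2dev->name, name, sizeof(c2dev->name)) call discards its return value, so a name longer than the destination is truncated silently; strscpy() returns -E2BIG in that case, and c2port_device_register() could fail the registration or at least warn instead of continuing with a shortened name. The same line also leaves every byte after the terminator as it was, and the hunk does not show how c2dev is allocated: either state in the commit message that the structure comes from a zeroing allocator, or use strscpy_pad() so the whole name array is defined. The subject says the name is copied "from userspace", but the hunk header shows it arriving as a plain char *name argument, so the wording is worth rechecking against the callers.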
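
The copy behaviours argued over in this thread, as an added example that is not part of the original mails or the kernel source. model_strscpy() and model_strscpy_pad() are simplified userspace stand-ins for the kernel helpers, and NAME_LEN and the 0xAA fill pattern are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 8  /* constructed size, not the driver's C2PORT_NAME_LEN */
enum copy_kind { OLD_STRNCPY, NEW_STRSCPY, PADDED_STRSCPY };

/* Simplified userspace model of strscpy(): always NUL-terminates, returns
 * -1 on truncation (the kernel returns -E2BIG), leaves the tail untouched. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;
    if (size == 0) return -1;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -1;
}

/* Model of strscpy_pad(): same copy, then zero-fill the rest of dst. */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
    long n = model_strscpy(dst, src, size);
    size_t used = (n < 0) ? size : (size_t)n + 1;
    memset(dst + used, 0, size - used);
    return n;
}

/* Copy src into a non-zeroed buffer (0xAA = stale data); count what is left. */
static size_t stale_after(enum copy_kind kind, const char *src, int *terminated)
{
    char name[NAME_LEN];
    size_t i, stale = 0;
    memset(name, 0xAA, sizeof(name));
    if (kind == OLD_STRNCPY)
        strncpy(name, src, NAME_LEN - 1);        /* call the patch removes */
    else if (kind == NEW_STRSCPY)
        model_strscpy(name, src, sizeof(name));  /* call the patch adds */
    else
        model_strscpy_pad(name, src, sizeof(name));
    *terminated = memchr(name, '\0', sizeof(name)) != NULL;
    for (i = 0; i < sizeof(name); i++)
        stale += ((unsigned char)name[i] == 0xAA);
    return stale;
}

int main(void)
{
    int t;
    printf("strscpy, short name: %zu stale\n", stale_after(NEW_STRSCPY, "ab", &t));
    return 0;
}
```

On a buffer that was not zeroed beforehand, the strncpy() form leaves the last byte stale and can leave the array unterminated, the strscpy() form always terminates but leaves the tail of a short name stale, and only the padded form leaves nothing behind.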