Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1642666pxb; Mon, 22 Feb 2021 07:19:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJwyj4ZlNgCPzjC6SIXoyaWh+4YMxhtr/JzHwdeMwfOED64r3GmCESZeYzXQ5og8QxZWgV4i X-Received: by 2002:a17:906:b84d:: with SMTP id ga13mr20975615ejb.112.1614007155213; Mon, 22 Feb 2021 07:19:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614007155; cv=none; d=google.com; s=arc-20160816; b=cVM7M0b4swru0ViCmlsUroc/dsLK0+3b/Di10jW4v1rjUGPkiFfgh+rGOS2egQ7jkS w4VsXIgGfKzTrkty/rG61sYkOcFGKkndFQzegir/I5nAQ04kSEzm27WxjVCcyqllS0X3 rSTaKs41zAk0AJnFZMvx/uMz8/UFWEZJQc/IEmN1yuhB3sAkAcDWlPZpTASykZp7VcQD CAiCQtDlXLnEqUfUz3WtMQKDI+wLY57NeOFHBrF9/O/LiG5n/vtv7zSWjwYbAJdxRSwD 67ingOeahl59pP/y0g3wWThE1e6NsaVXn0HLIsPVaxOLMMc21NMlYwUyMYyQ0WPG2pb/ /a3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=YByzcYLbOT1FbVq7W/iPz1yV9tO4yNodoZHiZ+8vsb4=; b=BLpbMO9bSTPLhdG4iWO0Uj9k8VNNQlWSqMerOCkwa+8dvGTr4u3+eDUJE0Nv7cUJXu IM6gaTKJoiGCkpm2b1yk40W79Zckzh7donior8m/PSMhAHooS/y+glRe3WJ5/CMqn2RA ruVO2pMtAL/fVI7O3xxlWj2nejAKStUZn632MP9tYc2w6GQI4NJPRYdqIN0Ta5cIPCBE aHA7s3cvsv7cVDUQD3hbm8t19hdyaf1LcaTBQhcshtf+cj+pkwV5pdxOe8ykyJZopecA lpIVdybtZBwtbBH/5/EU5SQIh53ipJCTJ+v62ooDfoHZMZcmyalDWRHRgdhAOX0iXvyq eFEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=R5bTKuwS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y8si12658492edw.240.2021.02.22.07.18.51; Mon, 22 Feb 2021 07:19:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=R5bTKuwS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231163AbhBVPP7 (ORCPT + 99 others); Mon, 22 Feb 2021 10:15:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40034 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231217AbhBVPNu (ORCPT ); Mon, 22 Feb 2021 10:13:50 -0500 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52337C061794; Mon, 22 Feb 2021 07:12:48 -0800 (PST) Received: by mail-wm1-x331.google.com with SMTP id v21so785156wml.4; Mon, 22 Feb 2021 07:12:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=YByzcYLbOT1FbVq7W/iPz1yV9tO4yNodoZHiZ+8vsb4=; b=R5bTKuwSZfiTHw6sQBKH/77xOM7ENB9Wls1sA2mT5ciYD1/ZMOeou2Exj8X3p+MbPY cUoivQD3TUa4RigPCyw3YoC3o1vIfe8umtW75zeiIxpZfHKb/h6bxwZVexAZHXWmDLBm OEcua6ZvtH4jIMiyhrS56W0+nTqUXMm7bN5XC1qRoxtiJiKLYdQD7gTbCoNU3lS1l0E2 gIRp+GBzjvJxR3vo1aYTFOBh4bfPnPbk7dx5MsQeOya+siDPjpnDs26vCPWnenTSPN/v yVHVAt/sq16RjIBcpQYcl9AiT1IKbIeB3AC7Y+i4njEdWtdOqL0QAaG43ySBwD+7AMlJ fI6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=YByzcYLbOT1FbVq7W/iPz1yV9tO4yNodoZHiZ+8vsb4=; b=KPNvnTkPndu4kC2L2XTV4jHVNCzMhtPwUIMAWH/0LahY2NtKx/2K7ajAnUvFm+Uevt 2fjCs2xXQDct2W2ioY+qxqBZJoEFM9Ejp+/ygAvZz4DTn0fOlgcdDOWPsp3rwaCiiPqF Q9PdgBeJVGt7JGgdA9U7HUrdpZIYy02Pxk7c+mymr29w0WzCMfcRRHCLwgKoPOzaf3bL fD2oBzBsYcWVTtfprYy4jw5v5W3AFYPhRpXxIuGbyDoZDBNqOSLq85ASEFuVXUd+2ZPH SuIs6wnillkR3t+9eygMtwm4mbXdoHseL4gJR+o2Pny9cGGr2VwAQVnaddnGLHmfeFdp wbaQ== X-Gm-Message-State: AOAM532icpWPfVk7JawOaJRAZlRlFbwpfyR0dbY//hxhlL40cnCLP6f8 lMR8SDGTdgcwMvqcAcJgsj/AtKiO6h9AFQl8nWs= X-Received: by 2002:a7b:c184:: with SMTP id y4mr13880282wmi.1.1614006766877; Mon, 22 Feb 2021 07:12:46 -0800 (PST) Received: from debby (176-141-241-253.abo.bbox.fr. [176.141.241.253]) by smtp.gmail.com with ESMTPSA id m17sm24783523wmq.5.2021.02.22.07.12.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Feb 2021 07:12:46 -0800 (PST) From: Romain Perier To: Kees Cook , kernel-hardening@lists.openwall.com, Sumit Semwal , =?UTF-8?q?Christian=20K=C3=B6nig?= Cc: Romain Perier , linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org Subject: [PATCH 04/20] dma-buf: Manual replacement of the deprecated strlcpy() with return values Date: Mon, 22 Feb 2021 16:12:15 +0100 Message-Id: <20210222151231.22572-5-romain.perier@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com> References: <20210222151231.22572-1-romain.perier@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer lenght is unbounded or possibility non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy. This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy Signed-off-by: Romain Perier --- drivers/dma-buf/dma-buf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index f264b70c383e..515192f2f404 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -42,12 +42,12 @@ static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) { struct dma_buf *dmabuf; char name[DMA_BUF_NAME_LEN]; - size_t ret = 0; + ssize_t ret = 0; dmabuf = dentry->d_fsdata; spin_lock(&dmabuf->name_lock); if (dmabuf->name) - ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); + ret = strscpy(name, dmabuf->name, DMA_BUF_NAME_LEN); spin_unlock(&dmabuf->name_lock); return dynamic_dname(dentry, buffer, buflen, "/%s:%s",