Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1646928pxb; Mon, 22 Feb 2021 07:25:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJwP9Scc4/gGkB+jRsmJ8dXSEm9T7ZKn0EKnWwUrT500Doypjdx3QWGAlz81A4SoCiZu2GHH X-Received: by 2002:a05:6402:30b7:: with SMTP id df23mr12370246edb.282.1614007515560; Mon, 22 Feb 2021 07:25:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614007515; cv=none; d=google.com; s=arc-20160816; b=KTe3eIliAxrtFVQ/581YrGSIW3QvwpdcDlLaVR/S7pa87p+avH5GgVOXf1ift9Wa4b RpBQ2ahKZkwUWzk/kPI4H8AZJSVOxLljP0soxWlZKhrNWTMqeQrvZ5UygzKr5fJp0tsH Ihc7r7Vn77uFQ0CWefr1sSFVqd0nx9Jl6PE0gD/025TX4DKVDL8i3U0lcFy+rLmY17Pk 6bLOsS2NgGIPSVldsG/TFRYKVkiyhxNXEiWfVs3mxq7vqRn2gUD8aIC9/X/mLZwyd3pB sZ/ApxNUr1sKkI20zOL2ImUC9TJ6Jnvcr/FC80+ynAGXV4BVXeAzYgp0XeNVzjkxxOsN BsCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=24BL/iNm/fhU40HUi/hWtrmxaezcBQ+HXPsyjGQxBIo=; b=BO9a3YWqmTE69AVZBG77mnVOTF3EUHV2fU/c3LDEUfTb0Qf4xT9Ce+SiRz1KugoO7S 5PHXSLjTlZjZxmolZw7e73Kc2sgPrDG0FEvE1+j4P4AakxxB9D4ys+IAr/Upd9C5YZn0 CFFe7cxbkdJtPKkv1iqWWFiFSYSDbPERZWY5t27SLf7rhyJPepquQH8ewhqAvn0DKSOv KuiyVnJoH/9rQUVjTAJLYF00SOIyIby0tG5vyMdb2pxBhtCUveKovHbbag+X2ntcMdpp NieCdVpB7b57XB7exUdLytuHP/aDXiqkWYKHYR4FOn5ag7INBCE7sCk2GWqSZO03SReh 2Edw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="aaT0G/6T"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j23si13478546eje.690.2021.02.22.07.24.51; Mon, 22 Feb 2021 07:25:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="aaT0G/6T"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231733AbhBVPXC (ORCPT + 99 others); Mon, 22 Feb 2021 10:23:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231402AbhBVPPX (ORCPT ); Mon, 22 Feb 2021 10:15:23 -0500 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B33AEC061A32; Mon, 22 Feb 2021 07:13:07 -0800 (PST) Received: by mail-wr1-x42c.google.com with SMTP id v1so19443422wrd.6; Mon, 22 Feb 2021 07:13:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=24BL/iNm/fhU40HUi/hWtrmxaezcBQ+HXPsyjGQxBIo=; b=aaT0G/6TPkMVKasY0K+CD2HHIphx92WqXSKR482UnNPC/Dw6RTdYUajXcvWj5JxCpW 8sfT+13XlreR72oYWOKLWRxOzgMLwot2q8GXpJiWoq7vv8keyNgyGAEXQdIAJZsYFYxu 9oozI3VPNhjir/Dc8xRVF1efGRLRax2AL5U3xKZd7hI8ahM6/+EAqOeu+v5ExNEfvU6m YEXviYbfZtFcujSnXKa1vV3/Q31O/Ry8WfSmofK190AjXtfW9k71QJWUCY5NINQpW957 9mMzgZFjNzNAd7tyXyKdIA1tfAyIwnDAVCOtXKEkuIkii8yw8fvQhbc2VIO2C2wFJoeR 51Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=24BL/iNm/fhU40HUi/hWtrmxaezcBQ+HXPsyjGQxBIo=; b=mxSpTBxTu2odHRPXz3dO/N5Jxal2uKE+spaAxZY1g2TA5MBbEE72gAtgHnxE7duj8v tRXiG6+A0nqxwsq0Us5SPDHwA92GGyFHnLX/JUdJvffJKu+pmJ9O9QlCod17g7ufoz0Y dG4G/2nbYKr3yUPuuCSnZZ50UFBo2zsM4uk9KdrvYUeq+iWjFEUwINtaIurXUGTq/G5e ofEasL3kFZT3mxyoKZvuq6oUOKkDvFF1hujbMr/aWQu5pCWe4fZa6i5BvyHdCGv0fJ7k x1Mr40ljK9YyhYoPQEYBnpzHix13FOFuGNuNnkCrdEeZg8FnCnbZ0oQZH6gTZuvWr4T6 M+lA== X-Gm-Message-State: AOAM530NRopw+5KQgzZN3G9z+Uly/VphpyGyqse/j4mFb0YXMdBcdtIQ 4m1dVS2jmKSaRiOgNt1xjmUrVOeLUC0JOoOx7uw= X-Received: by 2002:a5d:5283:: with SMTP id c3mr21327841wrv.319.1614006786274; Mon, 22 Feb 2021 07:13:06 -0800 (PST) Received: from debby (176-141-241-253.abo.bbox.fr. [176.141.241.253]) by smtp.gmail.com with ESMTPSA id o13sm32313430wro.15.2021.02.22.07.13.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Feb 2021 07:13:05 -0800 (PST) From: Romain Perier To: Kees Cook , kernel-hardening@lists.openwall.com, Wim Van Sebroeck , Guenter Roeck Cc: Romain Perier , linux-watchdog@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 20/20] s390/watchdog: Manual replacement of the deprecated strlcpy() with return values Date: Mon, 22 Feb 2021 16:12:31 +0100 Message-Id: <20210222151231.22572-21-romain.perier@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com> References: <20210222151231.22572-1-romain.perier@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The strlcpy() reads the entire source buffer first, it is dangerous if the source buffer lenght is unbounded or possibility non NULL-terminated. It can lead to linear read overflows, crashes, etc... As recommended in the deprecated interfaces [1], it should be replaced by strscpy. This commit replaces all calls to strlcpy that handle the return values by the corresponding strscpy calls with new handling of the return values (as it is quite different between the two functions). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy Signed-off-by: Romain Perier --- drivers/watchdog/diag288_wdt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/watchdog/diag288_wdt.c b/drivers/watchdog/diag288_wdt.c index aafc8d98bf9f..5703f35dd0b7 100644 --- a/drivers/watchdog/diag288_wdt.c +++ b/drivers/watchdog/diag288_wdt.c @@ -111,7 +111,7 @@ static unsigned long wdt_status; static int wdt_start(struct watchdog_device *dev) { char *ebc_cmd; - size_t len; + ssize_t len; int ret; unsigned int func; @@ -126,7 +126,9 @@ static int wdt_start(struct watchdog_device *dev) clear_bit(DIAG_WDOG_BUSY, &wdt_status); return -ENOMEM; } - len = strlcpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + len = strscpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + if (len == -E2BIG) + return -E2BIG; ASCEBC(ebc_cmd, MAX_CMDLEN); EBC_TOUPPER(ebc_cmd, MAX_CMDLEN); @@ -163,7 +165,7 @@ static int wdt_stop(struct watchdog_device *dev) static int wdt_ping(struct watchdog_device *dev) { char *ebc_cmd; - size_t len; + ssize_t len; int ret; unsigned int func; @@ -173,7 +175,9 @@ static int wdt_ping(struct watchdog_device *dev) ebc_cmd = kmalloc(MAX_CMDLEN, GFP_KERNEL); if (!ebc_cmd) return -ENOMEM; - len = strlcpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + len = strscpy(ebc_cmd, wdt_cmd, MAX_CMDLEN); + if (len == -E2BIG) + return -E2BIG; ASCEBC(ebc_cmd, MAX_CMDLEN); EBC_TOUPPER(ebc_cmd, MAX_CMDLEN);