Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp3464175pxt;
        Tue, 10 Aug 2021 04:24:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwuu7gjxgnOEHR8ZfnKTPMAi1ASgrnQLPfsTTZEakK5RZawJBnWiC4FPsL8eXor86Wuc/os
X-Received: by 2002:a17:906:f92:: with SMTP id q18mr28036693ejj.353.1628594670055;
        Tue, 10 Aug 2021 04:24:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1628594670; cv=none;
        d=google.com; s=arc-20160816;
        b=q/RL/sN+4I/5cZvxA2T9j4g0VvOJ9AFNHHbaZYVdCUsCN7tH25JukZPaU7LuRJF4Ms
         nYXEqw3Hp8t7O/UIvoH8GCgeqljP3RDJrw1KGsE0ffT/YiP+kegbfbgLoZH0wIH8jcQi
         kcXVSMdQqulyTy/IVyJRxY+2gp8meZxbIbVetrUklszsnaa2VBFwcLteM0yjRrupgNYr
         m5KEPNwFa39Xn7srwlqV8naQZxwL2TLpfqSPe0l3bCP2c50PNhhDuyMZg4aCVhBgMtch
         /rzS5L7//unb5stqwEgb3Op0ymeDCJf6iXaq6v5RFmCmIU2U9aaKkQuY4tp+ZOy/jcoK
         IRrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:accept-language:in-reply-to:references:message-id:date
         :thread-index:thread-topic:subject:cc:to:from;
        bh=6/hMbR00yhACguZLWZQ5dGQ48PXZksrqHMqxhG0gOv0=;
        b=YN/DceqU/58MiwYEkIL21MFx1NxCJlWgUTxmMk62AsSKGPQVcSY5PGdWJygEYZ7PCq
         U2fWAC/g5jN5U/+FKih5bHaL4H/L99VxPrduezSVyCAlmiRLPzzDhbDJ66tHUu1nUUYE
         Z6xewHL/hfAMawYyjd5UPV27n6kNxvZi9CBuYfqOw/gyfISbHm2IFQZudNYOkurdm9XB
         peZU5cfKGnQ1IERVujzwcGL3zbduxQ2qAcsTE3RXh8IHU8XWCO7Vudye9SxYws2upwVQ
         Bhcz6z+dnduP942kIHi7RZwgK68mMsFuu9TFFoGuLTb+R7fjbZRwQQQXjDvb/qA5+qqn
         F/vg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f14si10198417ejx.716.2021.08.10.04.24.06;
        Tue, 10 Aug 2021 04:24:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238177AbhHJIaz convert rfc822-to-8bit (ORCPT
        <rfc822;liruijie0318@gmail.com> + 99 others);
        Tue, 10 Aug 2021 04:30:55 -0400
Received: from eu-smtp-delivery-151.mimecast.com ([185.58.86.151]:26840 "EHLO
        eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S238182AbhHJIay (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 10 Aug 2021 04:30:54 -0400
Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-227-5M0oF5-pMm2WfYqgjlKDBQ-1; Tue, 10 Aug 2021 09:30:27 +0100
X-MC-Unique: 5M0oF5-pMm2WfYqgjlKDBQ-1
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP
 Server (TLS) id 15.0.1497.23; Tue, 10 Aug 2021 09:30:26 +0100
Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by
 AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id
 15.00.1497.023; Tue, 10 Aug 2021 09:30:26 +0100
From:   David Laight <David.Laight@ACULAB.COM>
To:     'Jonathan Cameron' <Jonathan.Cameron@Huawei.com>,
        Andy Shevchenko <andy.shevchenko@gmail.com>
CC:     Jonathan Cameron <jic23@kernel.org>, Len Baker <len.baker@gmx.com>,
        Lars-Peter Clausen <lars@metafoo.de>,
        Kees Cook <keescook@chromium.org>,
        "linux-hardening@vger.kernel.org" <linux-hardening@vger.kernel.org>,
        linux-iio <linux-iio@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH v2] drivers/iio: Remove all strcpy() uses in favor of
 strscpy()
Thread-Topic: [PATCH v2] drivers/iio: Remove all strcpy() uses in favor of
 strscpy()
Thread-Index: AQHXjQAF/V94Z2zj4EedKEnvL+aRB6tsZ9qw
Date:   Tue, 10 Aug 2021 08:30:26 +0000
Message-ID: <9b509d0fd5c4459985aac9b35abe462b@AcuMS.aculab.com>
References: <20210807152225.9403-1-len.baker@gmx.com>
        <20210808172503.5187cd24@jic23-huawei>
        <CAHp75VfSX-7UqH9Lbr_GxQRY3dGjGo7H8++kBdrrSds1p6nB1Q@mail.gmail.com>
 <20210809102131.000021eb@Huawei.com>
In-Reply-To: <20210809102131.000021eb@Huawei.com>
Accept-Language: en-GB, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
        auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: aculab.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jonathan Cameron
> Sent: 09 August 2021 10:22
> 
> On Sun, 8 Aug 2021 22:00:34 +0300
> Andy Shevchenko <andy.shevchenko@gmail.com> wrote:
> 
> > On Sun, Aug 8, 2021 at 7:25 PM Jonathan Cameron <jic23@kernel.org> wrote:
> > >
> > > On Sat,  7 Aug 2021 17:22:25 +0200
> > > Len Baker <len.baker@gmx.com> wrote:
> > >
> > > > strcpy() performs no bounds checking on the destination buffer. This
> > > > could result in linear overflows beyond the end of the buffer, leading
> > > > to all kinds of misbehaviors. The safe replacement is strscpy().
> > > >
> > > > This patch is an effort to clean up the proliferation of str*()
> > > > functions in the kernel and a previous step in the path to remove
> > > > the strcpy function from the kernel entirely [1].
> > > >
> > > > [1] https://github.com/KSPP/linux/issues/88
> > > >
> > > > Signed-off-by: Len Baker <len.baker@gmx.com>
> > > Applied to the togreg branch of iio.git and pushed out as testing
> > > so 0-day can poke at it and see if we missed anything.
> >
> > Isn't it too early? Or am I missing something (see below)?
> >
> > ...
> >
> > > >                       /* use length + 2 for adding minus sign if needed */
> > > > -                     str = devm_kzalloc(regmap_get_device(st->map),
> > > > -                                        strlen(orient) + 2, GFP_KERNEL);
> > > > +                     n = strlen(orient) + 2;
> > > > +                     str = devm_kzalloc(regmap_get_device(st->map), n,
> > > > +                                        GFP_KERNEL);
> > > >                       if (str == NULL)
> > > >                               return -ENOMEM;
> > > >                       if (strcmp(orient, "0") == 0) {
> > > > -                             strcpy(str, orient);
> > > > +                             strscpy(str, orient, n);
> > > >                       } else if (orient[0] == '-') {
> > > > -                             strcpy(str, &orient[1]);
> > > > +                             strscpy(str, &orient[1], n);
> > > >                       } else {
> > > >                               str[0] = '-';
> > > > -                             strcpy(&str[1], orient);
> > > > +                             strscpy(&str[1], orient, n - 1);
> >
> > Why n-1?
> 
> n is the total length and this is printing from [1], so n - 1 is remaining
> space.

If you do:
	/* negate 'orient' */
	n = strlen(orient) + 1;
	str = malloc(n + 1);
	if (n == 2 && orient[0] == '0')
		memcpy(str, orient, n);
	else if (orient[0] == '-')
		memcpy(str, orient + 1, n - 1);
	else {
		str[0] = '-';
		memcpy(str + 1, orient, n);
	}
Then it is probably less confusing.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)