From: Steve French
Date: Tue, 17 Aug 2021 21:46:38 -0500
Subject: Re: [PATCH] CIFS: Fix a potencially linear read overflow
To: Paulo Alcantara
Cc: Len Baker, Steve French, Jeff Layton, Suresh Jayaraman, CIFS, samba-technical, LKML, Kees Cook, linux-hardening@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

tentatively merged into cifs-2.6.git for-next pending testing

On Tue, Aug 17, 2021 at 7:29 PM Paulo Alcantara wrote:
>
> Len Baker writes:
>
> > strlcpy() reads the entire source buffer first. This read may exceed the
> > destination size limit. This is both inefficient and can lead to linear
> > read overflows if a source string is not NUL-terminated.
> >
> > Also, the strnlen() call does not avoid the read overflow in the strlcpy
> > function when a not NUL-terminated string is passed.
> >
> > So, replace this block by a call to kstrndup() that avoids this type of
> > overflow and does the same.
> >
> > Fixes: 066ce6899484d ("cifs: rename cifs_strlcpy_to_host and make it use new functions")
> > Signed-off-by: Len Baker
> > ---
> >  fs/cifs/cifs_unicode.c | 9 ++-------
> >  1 file changed, 2 insertions(+), 7 deletions(-)
>
> Reviewed-by: Paulo Alcantara (SUSE)

--
Thanks,

Steve
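The over-read described in the quoted commit message, modelled in userspace C as an added example (it is not the CIFS code or the patch itself). The names `model_strlcpy`, `dup_with_strlcpy`, `dup_bounded`, `frame` and `examined` are constructed for illustration, and the trailing NUL is placed inside the array so the long scan stays within the buffer.

```c
#include <stdlib.h>
#include <string.h>

#define FIELD_LEN 8
/* Constructed input: an 8-byte name field with no NUL, then unrelated bytes. */
static const char frame[16] = "SHARE001xyzwqrs";
static size_t examined; /* instrumentation: src bytes read by the last scan */

/* Standard-C stand-in for strnlen(): never looks past s[max - 1]. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    examined = nul ? (size_t)(nul - s) + 1 : max;
    return nul ? (size_t)(nul - s) : max;
}

/* Model of strlcpy(): strlen(src) runs first and is not limited by size. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t ret = strlen(src);
    examined = ret + 1;
    if (size) {
        size_t n = ret >= size ? size - 1 : ret;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return ret;
}

/* Pattern from the commit message: strnlen() sizes dst, strlcpy() fills it. */
char *dup_with_strlcpy(const char *src, size_t maxlen)
{
    size_t len = bounded_len(src, maxlen) + 1;
    char *dst = malloc(len);
    if (dst) model_strlcpy(dst, src, len);
    return dst;
}

/* Model of kstrndup(): bounded scan, then a copy of exactly len bytes. */
char *dup_bounded(const char *src, size_t maxlen)
{
    size_t len = bounded_len(src, maxlen);
    char *dst = calloc(len + 1, 1);   /* zeroed, so dst[len] is the NUL */
    if (dst) memcpy(dst, src, len);
    return dst;
}

size_t scan_strlcpy(void) { free(dup_with_strlcpy(frame, FIELD_LEN)); return examined; }
size_t scan_bounded(void) { free(dup_bounded(frame, FIELD_LEN)); return examined; }
int main(void) { return !(scan_strlcpy() == 16 && scan_bounded() == 8); }
```

Both paths produce the same 8-character copy; only the number of source bytes read differs, which is why the destination-size check alone does not catch the problem.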