Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp1112726rwb; Thu, 19 Jan 2023 06:50:19 -0800 (PST) X-Google-Smtp-Source: AMrXdXsGYBZJObQROeSv9mvIDhlOrmFKdJMv7X5+Q7G4761xPuzsoLMWS12l7t8PdY3exppK2jFy X-Received: by 2002:a05:6a00:a27:b0:566:900d:a1de with SMTP id p39-20020a056a000a2700b00566900da1demr14109532pfh.26.1674139818954; Thu, 19 Jan 2023 06:50:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674139818; cv=none; d=google.com; s=arc-20160816; b=hth5ujopkvvPTyFjGEgnRpp92tX08DR58tgo+i4fZeknM86eU3pt2amhQkPPA6eXdB izFBhRrOQtbFLFy7sPO1miNuzG0wQHP+nROOHszAE5w/GskGd05SKo1L1GlKM2v3AtZT Cx6DWVXKXGipknZG5pFKnB1Z3kh9GKsWtjOPe9rwtsjmL+NvP5dYmLviO2NIuLv2m5Hc TK2tDmoowZA56qh9BGSHjr9iTqQeBWYXzS6Hqsg7lrdCBhft/sp63fzMYWxS0AcJyO/K gPL5nC7lTBHuUYzGzrHgcKTXAPr3ctLO4UbqxOSWG1z5XrJTMyRW/Or+doLDdRCVnyzN iddw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=58Cix+5iRcNAm7+Mebt4ukWRjiEsHxfA5Phv7jZQzQg=; b=GTSdXqd5lRfdsDd3//3pCRg6h38x7WhZP6A4u+doJJVrwrzl9XL/DEho0i/2VsDOJF vlL4qotppqa4xDWo/3VtVU/qRv8l3mJA2UVwLfc+RCXXEraT6SuUEM6nmdxmRzka4E/F 2mhHp73szUTDduuq2VOEu5A4ILwS3bGcJMkM1hS75s8gr1WSz2Jw28XrZwJAXiNvH4kQ diogTlQO1wi4RQL46MxmlBV2UG2izW2NhWsbPbXRqVmwRqh1E98ecH43gFFMS0XmxbOw 7PPVvvPHUcqJramcJpmn7nGVlFB+7oydupP5tAzVlxiJa/+lJeZdZzwLfwDttU75Gw+d LvzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w186-20020a6230c3000000b0058954c5a9a3si28435180pfw.121.2023.01.19.06.50.13; Thu, 19 Jan 2023 06:50:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230427AbjASNgz (ORCPT + 44 others); Thu, 19 Jan 2023 08:36:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231248AbjASNej (ORCPT ); Thu, 19 Jan 2023 08:34:39 -0500 Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3336C7E6A9; Thu, 19 Jan 2023 05:34:37 -0800 (PST) Received: by mail-ej1-f51.google.com with SMTP id v6so5697057ejg.6; Thu, 19 Jan 2023 05:34:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=58Cix+5iRcNAm7+Mebt4ukWRjiEsHxfA5Phv7jZQzQg=; b=jOpnkeMLnjPPnVQY67O7NWMM5JDUB621yOfExSDntzSP0ZzrTl58QjJhnptbM060zu ELYBvE9TSDUoxUYEirxSDFIi2fuard97n5IjYIGaGHlj8nRG/0z3s1kigjW23Kba9RkN Z4FEoZTy3vuPCctbTu8rDhQkXGRapNGcKRkyS2P0gLRt8Y1VSZUNbCKzoJkM1iIzd/WQ 95NQJ8+8L0eZ/H9QXYlZJBssZfYjlSbYFjDaxZwn2MbFL2BIGsAAwfHimxC0YYDp84kW mEDas/0vYOKHhj+oOukXMO+28QNqAV8gxIav8sz2LqKQXlleHBZjLiG6pDLsGo9HDR83 gpAQ== X-Gm-Message-State: AFqh2krQCKfJXMay07u6W3RPmxcOcGyouYVjMviT0VOmma6/ht5frGGh hONTLx20gmQePW97K6GV0/evnkxFMSQIPpm05Og= X-Received: by 2002:a17:906:64a:b0:84d:3c6a:4c55 with SMTP id t10-20020a170906064a00b0084d3c6a4c55mr1459533ejb.509.1674135276370; Thu, 19 Jan 2023 05:34:36 -0800 (PST) MIME-Version: 1.0 References: <20230114085053.72059-1-W_Armin@gmx.de> <20230114085053.72059-2-W_Armin@gmx.de> In-Reply-To: <20230114085053.72059-2-W_Armin@gmx.de> From: "Rafael J. Wysocki" Date: Thu, 19 Jan 2023 14:34:25 +0100 Message-ID: Subject: Re: [PATCH 1/4] ACPI: battery: Fix missing NUL-termination with large strings To: Armin Wolf Cc: rafael@kernel.org, lenb@kernel.org, linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 14, 2023 at 9:51 AM Armin Wolf wrote: > > When encountering a string bigger than the destination buffer (32 bytes), > the string is not properly NUL-terminated, causing buffer overreads later. > > This for example happens on the Inspiron 3505, where the battery > model name is larger than 32 bytes, which leads to sysfs showing > the model name together with the serial number string (which is > NUL-terminated and thus prevents worse). > > Fix this by using strscpy() which ensures that the result is > always NUL-terminated. > > Signed-off-by: Armin Wolf > --- > drivers/acpi/battery.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c > index f4badcdde76e..fb64bd217d82 100644 > --- a/drivers/acpi/battery.c > +++ b/drivers/acpi/battery.c > @@ -440,7 +440,7 @@ static int extract_package(struct acpi_battery *battery, > > if (element->type == ACPI_TYPE_STRING || > element->type == ACPI_TYPE_BUFFER) > - strncpy(ptr, element->string.pointer, 32); > + strscpy(ptr, element->string.pointer, 32); > else if (element->type == ACPI_TYPE_INTEGER) { > strncpy(ptr, (u8 *)&element->integer.value, > sizeof(u64)); > -- Applied as 6.3 material, thanks! Please do not include this one in the next version of the series.