Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp4979959rwb;
        Tue, 8 Aug 2023 18:02:41 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEOr49fnAu6aNb4zlCfoyKJoltbvgSJ2Ykp9pnHUhYff/wf11Rb/ixmNFwjJmdsLPOvP3Vy
X-Received: by 2002:a19:641c:0:b0:4f9:5396:ed1b with SMTP id y28-20020a19641c000000b004f95396ed1bmr678872lfb.28.1691542961001;
        Tue, 08 Aug 2023 18:02:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691542960; cv=none;
        d=google.com; s=arc-20160816;
        b=npP+wE2wW2hPvlXeze1iuTiJFuBQC6bXpC8ILZkqn0WiBjJ7ubTRaYVaRm2zMUxnG0
         KGPh69CWNg1EMI00eExAqt4FJ4AINwg2Cn22+QnJHpFRZLbywKjkfRbB4rylyD0xDZil
         bXxNfbPmoJTEw+RYeF1xLj8bbovWseRZ2K5UOUG+AfNUN/9xdOrI2iO2CAfIls0kVC6u
         HUilOoqG7YMGgu4RmOU+HwrKzRbVaf12/VT44hIQVbP0i3IlJ9LRpLHP4WtASYNgM/fl
         cjdzg9gOI6Z0xOTUz1tUza1x9YHvSLOQ4cZfS+KQmrjBSGdwPD3VfKCoJzNo3Kh3pEzN
         s/Yw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=lqblCFCTh+EmaKPLXRE4ALPhve9OLFxNsVDoIhJ1mX4=;
        fh=q+idgjsNOfSeB0DE+ldLVkxZV9h+m6OLm8KWzgZjrCg=;
        b=DLFDOZoyHVVgf72DX4Av2rZwoDwde561MbBHfdLwqpc6Fi42vIrZG3PwDOmHVXx0sF
         2wUdS5MzERgGCZ6Ys8W62oSbJJL4pg5//dv+Xr9gddj3klgISBq2ozV4ETk/xvgHImdG
         q8NhyVz1jxkUO1GdR/4SGspi5S52iA/hgr1NDR0dNvGHysCZYmK2fu1G/33aYB90bGLn
         xTBUXtsHraD3FSRqcAInxtxH0TjiEelyX/epPe3HNaTVy2uhMkB9WnV18VjkkvXSYSrc
         68hpRXub5ZLyA2nL0qKVRPVj6/73fC/xBMI+ZkVV8PgqxtwctO4QfS1KhUt+cgQnu7qn
         yKSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id w22-20020a056402071600b005233721fcd7si4228296edx.483.2023.08.08.18.02.07;
        Tue, 08 Aug 2023 18:02:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230451AbjHHX5g (ORCPT <rfc822;artur.folwarczny@gmail.com>
        + 99 others); Tue, 8 Aug 2023 19:57:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60400 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229791AbjHHX5g (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 Aug 2023 19:57:36 -0400
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:237:300::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F3F419A1;
        Tue,  8 Aug 2023 16:57:35 -0700 (PDT)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
        (envelope-from <fw@strlen.de>)
        id 1qTWZt-0005i1-79; Wed, 09 Aug 2023 01:57:29 +0200
Date:   Wed, 9 Aug 2023 01:57:29 +0200
From:   Florian Westphal <fw@strlen.de>
To:     Justin Stitt <justinstitt@google.com>
Cc:     Pablo Neira Ayuso <pablo@netfilter.org>,
        Jozsef Kadlecsik <kadlec@netfilter.org>,
        Florian Westphal <fw@strlen.de>,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        linux-hardening@vger.kernel.org, Kees Cook <keescook@chromium.org>,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy
Message-ID: <20230808235729.GK9741@breakpoint.cc>
References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
 <20230808-net-netfilter-v1-6-efbbe4ec60af@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230808-net-netfilter-v1-6-efbbe4ec60af@google.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Justin Stitt <justinstitt@google.com> wrote:
> Prefer `strscpy` to `strncpy` for use on NUL-terminated destination
> buffers.
> 
> This fixes a potential bug due to the fact that both `t->u.user.name`
> and `name` share the same size.

This replacement seems fine.

> Signed-off-by: Justin Stitt <justinstitt@google.com>
> 
> ---
> Here's an example of what happens when dest and src share same size:
> |  #define MAXLEN 5
> |  char dest[MAXLEN];
> |  const char *src = "hello";
> |  strncpy(dest, src, MAXLEN); // -> should use strscpy()
> |  // dest is now not NUL-terminated

This can't happen here, the source string is coming from the kernel
(xt target and matchinfo struct).

But, even if it would it should be fine, this function prepares
the translated 64bit blob which gets passed to translate_table(),
and that function has to check for '\0' presence.

Normally it handles the native (non-compat) data originating from
userspace, so m-->user.name can not be assumed to contain a \0.