Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1639925pxb;
        Mon, 22 Feb 2021 07:15:20 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxFEmks1u0Ur49cHnmVMA9R63iRQUG3xPvheggWzHjG4OzLDmL6Zn3ir5eBbOggDJ3y2GRv
X-Received: by 2002:a05:6402:359:: with SMTP id r25mr7741349edw.118.1614006920466;
        Mon, 22 Feb 2021 07:15:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614006920; cv=none;
        d=google.com; s=arc-20160816;
        b=maTlZ5FD9YRtpRqgbD5lCiwMBjHCrcHY5mfuBFoOHxd0wg88MdmtKIdKy6LC5ZZNZS
         Z2IHp6L93PCOnfTNQyVR7EzV77nHTXG8mqjR1Ta0EyK5eu3MO9cgX5SIfSosTdPvz6Rk
         /bFwdQicNsDLUB0uloh4dVt7yTTetvGt/+GD0uloPjC2s/F/B2X/LsX0pC3ZVqk0p08k
         qmo5Rc/v7sArUnptNFUY07YAKKJYHhEhik69f6tlXXAuQiPrK9tUXY7ifRodzWk0Urit
         Q7Gb+dhSPtkM+vwcc/kfB4QhW4K+WwkCLdogRc0d6Hjd2gmyvLbLrFdJuhiQ/WUf/QqY
         0BLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=bS+BhtUH3R5L/9GDlP7BU+Ce2CmxRyCIWCNfBp1I6gM=;
        b=Dc71p9TCwoAsSVhBblQGWq8mCSTMvIl0xvxWvX8199cvxesg6UqPQymawzu39NSEYR
         U1jwVTIP75qdIIhTHbGaXpYT6AcG7KAT62CPqEWIDrRM4d4BYQSIq/XO4DP3+TfDGTrO
         ZPlMdDmxgzNAZsuGEDCjpyH2a8NdM2BGRTFpIhT09pRcZa8dIuYGtP7RctKiFrJa4BJC
         SN8GHvqjDlNAKXtPzcOrdjWAL1IDNSq80STUEjtRab2jNW2c+NDt9xEQSXZF1ochEvSD
         Guj0FiAzNtLUjYPCLGzvIsP3wxbu+NpDNk+Xy/vme/ljyoCQefQOaAEnWs0VpA0XU5rq
         mfBw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=V5cR30vb;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m15si2272071edd.260.2021.02.22.07.14.47;
        Mon, 22 Feb 2021 07:15:20 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=V5cR30vb;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230492AbhBVPNg (ORCPT <rfc822;krishna.desh2@gmail.com>
        + 99 others); Mon, 22 Feb 2021 10:13:36 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39950 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230282AbhBVPN2 (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 22 Feb 2021 10:13:28 -0500
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A168C06178B;
        Mon, 22 Feb 2021 07:12:46 -0800 (PST)
Received: by mail-wm1-x32e.google.com with SMTP id v21so785031wml.4;
        Mon, 22 Feb 2021 07:12:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=bS+BhtUH3R5L/9GDlP7BU+Ce2CmxRyCIWCNfBp1I6gM=;
        b=V5cR30vb5ardXeLt1d88QjtqI6/PZWMibuMU6FBWH9EF+5K4B7ctOb8EB9Nyw2+5O/
         B9DRlg8fmqjkflRlIWXPb5PmqND8ANbJzfMVVl6CfSc/H95nHm1PyuLvjBrysK2xDjmV
         eQLwLsWF227SCr5APVYITzaqAgCw//AAItH+IWl2SAeN4LzRXmXEYvJ6PecDGNySDc4p
         IoZJSdblCMO+SeXF9z861+jky4AvY48blDSwbc8Fqk59soEOkZ0EbZpniMgaPfg21OVW
         xxChBbjW63ip25O/FvjUxtYu+nOdaku8Z27gVkmqS2yhU3cjha3zgR6FIYJxsFTOQmWY
         2aZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=bS+BhtUH3R5L/9GDlP7BU+Ce2CmxRyCIWCNfBp1I6gM=;
        b=P7zPVmfq0L2FAyVXIzZhSK7oMqnyiAIkV0MrS5/63SBRIn9XPlwvo27JoWJMbF56iX
         ETGTCFppToRu764Ooa/cv2OaYxBMaI+uRWGD5GKz5KXURio3O6b6dEwJ1d+CRPRnlXTp
         5PpZnYRx7xtoFxFkdSh7my4EMI6ncMwRJqgNKyMMqpvGRqd//wBIe+9nt9pKVhiomx0i
         u2M+/WHA7GV8LEm2M7Rz3jC2EX5yhcCrFA9UjheG1MlmD64YAnovVV7FEudBHoCC7c2Z
         3gJu1in0Nf5XOxeRX2ZOVPqkjN+hIdg9NK952SqwLM4n1xLC4d1jIBRx8b3nwTxGvE4t
         WaeA==
X-Gm-Message-State: AOAM531Bu6FcuwTYrCyEBwBIjqQ29d+pu45+ud8MBEsfS399aoId+1kJ
        2Y1QVoYtcCAZSZppYz3dt1G6qmw8umO45MJl884=
X-Received: by 2002:a1c:7705:: with SMTP id t5mr14179710wmi.148.1614006764022;
        Mon, 22 Feb 2021 07:12:44 -0800 (PST)
Received: from debby (176-141-241-253.abo.bbox.fr. [176.141.241.253])
        by smtp.gmail.com with ESMTPSA id l1sm25932031wmi.48.2021.02.22.07.12.43
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 22 Feb 2021 07:12:43 -0800 (PST)
From:   Romain Perier <romain.perier@gmail.com>
To:     Kees Cook <keescook@chromium.org>,
        kernel-hardening@lists.openwall.com,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>
Cc:     Romain Perier <romain.perier@gmail.com>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 02/20] crypto: Manual replacement of the deprecated strlcpy() with return values
Date:   Mon, 22 Feb 2021 16:12:13 +0100
Message-Id: <20210222151231.22572-3-romain.perier@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210222151231.22572-1-romain.perier@gmail.com>
References: <20210222151231.22572-1-romain.perier@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The strlcpy() reads the entire source buffer first, it is dangerous if
the source buffer lenght is unbounded or possibility non NULL-terminated.
It can lead to linear read overflows, crashes, etc...

As recommended in the deprecated interfaces [1], it should be replaced
by strscpy.

This commit replaces all calls to strlcpy that handle the return values
by the corresponding strscpy calls with new handling of the return
values (as it is quite different between the two functions).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy

Signed-off-by: Romain Perier <romain.perier@gmail.com>
---
 crypto/lrw.c |    6 +++---
 crypto/xts.c |    6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/lrw.c b/crypto/lrw.c
index bcf09fbc750a..4d35f4439012 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -357,10 +357,10 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb)
 	 * cipher name.
 	 */
 	if (!strncmp(cipher_name, "ecb(", 4)) {
-		unsigned len;
+		ssize_t len;
 
-		len = strlcpy(ecb_name, cipher_name + 4, sizeof(ecb_name));
-		if (len < 2 || len >= sizeof(ecb_name))
+		len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name));
+		if (len == -E2BIG || len < 2)
 			goto err_free_inst;
 
 		if (ecb_name[len - 1] != ')')
diff --git a/crypto/xts.c b/crypto/xts.c
index 6c12f30dbdd6..1dfe39d61418 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -396,10 +396,10 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
 	 * cipher name.
 	 */
 	if (!strncmp(cipher_name, "ecb(", 4)) {
-		unsigned len;
+		ssize_t len;
 
-		len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
-		if (len < 2 || len >= sizeof(ctx->name))
+		len = strscpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
+		if (len == -E2BIG || len < 2)
 			goto err_free_inst;
 
 		if (ctx->name[len - 1] != ')')