Re: [PATCH 1/1] misc: c2port: core: Make copying name from userspace more secure

From: Arnd Bergmann
Date: Tue Jul 14 2020 - 05:01:56 EST

Next message: Chris Packham: "Re: procfs VmFlags table missing from online docs"
Previous message: Peter Zijlstra: "Re: [PATCH 2/2] locking/pvqspinlock: Optionally store lock holder cpu into lock"
In reply to: Lee Jones: "[PATCH 1/1] misc: c2port: core: Make copying name from userspace more secure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 14, 2020 at 10:33 AM Lee Jones <lee.jones@xxxxxxxxxx> wrote:
>
> Currently the 'c2dev' device data is not zeroed when its allocated.
> Coupled with the fact strncpy() *may not* provide a NUL terminator
> means that a 1-byte leak would be possible *if* this was ever copied
> to userspace.
>
> To prevent such a failing, let's first ensure the 'c2dev' device data
> area is fully zeroed out and ensure the buffer will always be NUL
> terminated by using the kernel's strscpy() which a) uses the
> destination (instead of the source) size as the bytes to copy and b)
> is *always* NUL terminated.
>
> Cc: Rodolfo Giometti <giometti@xxxxxxxxxxxx>
> Cc: "Eurotech S.p.A" <info@xxxxxxxxxxx>
> Reported-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
> Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>

Acked-by: Arnd Bergmann <arnd@xxxxxxxx>

Next message: Chris Packham: "Re: procfs VmFlags table missing from online docs"
Previous message: Peter Zijlstra: "Re: [PATCH 2/2] locking/pvqspinlock: Optionally store lock holder cpu into lock"
In reply to: Lee Jones: "[PATCH 1/1] misc: c2port: core: Make copying name from userspace more secure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]