Re: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy
From: Florian Westphal
Date: Tue Aug 08 2023 - 19:39:09 EST
Justin Stitt <justinstitt@xxxxxxxxxx> wrote:
> Fixes several buffer overread bugs present in `ip_set_core.c` by using
> `strscpy` over `strncpy`.
>
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@xxxxxxxxxxxxxxx
> Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx>
>
> ---
> There exist several potential buffer overread bugs here. These bugs
> exist due to the fact that the destination and source strings may have
> the same length which is equal to the max length `IPSET_MAXNAMELEN`.

There is no truncation. Inputs are checked via nla_policy:

	[IPSET_ATTR_SETNAME2] = { .type = NLA_NUL_STRING, .len = IPSET_MAXNAMELEN - 1 },
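
Added example, not part of the original message or of the kernel source: a userspace C model of how a length-capped NUL-string check interacts with a `strncpy` into a fixed-size name field. `MAXNAMELEN` (assumed to be 32), `nul_string_ok` and `copy_is_terminated` are hypothetical names, and the check is a simplification of netlink policy validation.

```c
#include <stdio.h>
#include <string.h>

#define MAXNAMELEN 32 /* stand-in for IPSET_MAXNAMELEN; value assumed */

/* Simplified model (not kernel code) of an NLA_NUL_STRING policy with
 * .len = max_len: accept only if a NUL byte occurs within the first
 * max_len + 1 payload bytes, i.e. the string is at most max_len long. */
static int nul_string_ok(const char *payload, size_t attrlen, size_t max_len)
{
    size_t scan = attrlen < max_len + 1 ? attrlen : max_len + 1;
    return scan != 0 && memchr(payload, '\0', scan) != NULL;
}

/* strncpy() the payload into a MAXNAMELEN-byte name field and report
 * whether the field ended up NUL-terminated (1) or not (0). */
static int copy_is_terminated(const char *payload, size_t attrlen)
{
    char src[MAXNAMELEN + 1] = {0}; /* bounded copy so strncpy reads in range */
    char name[MAXNAMELEN];

    memcpy(src, payload, attrlen < MAXNAMELEN ? attrlen : MAXNAMELEN);
    strncpy(name, src, MAXNAMELEN);
    return memchr(name, '\0', MAXNAMELEN) != NULL;
}

int main(void)
{
    /* Constructed sample payloads, not captured netlink traffic. */
    char fits[MAXNAMELEN], full[MAXNAMELEN];

    memset(fits, 'a', MAXNAMELEN - 1);
    fits[MAXNAMELEN - 1] = '\0';   /* 31 characters plus NUL */
    memset(full, 'a', MAXNAMELEN); /* 32 characters, no NUL */

    printf("fits: policy=%d terminated=%d\n",
           nul_string_ok(fits, sizeof(fits), MAXNAMELEN - 1),
           copy_is_terminated(fits, sizeof(fits)));
    printf("full: policy=%d terminated=%d\n",
           nul_string_ok(full, sizeof(full), MAXNAMELEN - 1),
           copy_is_terminated(full, sizeof(full)));
    return 0;
}
```

In this model, every payload that would leave the name field unterminated is one the length-capped check rejects before any copy takes place.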