Re: [PATCH] um,ethertap: refactor deprecated strncpy

From: Kees Cook
Date: Thu Sep 14 2023 - 23:04:29 EST

Next message: Amir Goldstein: "Re: [RFC PATCH 0/3] quering mount attributes"
Previous message: Dave Airlie: "[git pull] drm fixes for 6.6-rc2"
In reply to: Justin Stitt: "Re: [PATCH] um,ethertap: refactor deprecated strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 12, 2023 at 01:12:35PM -0700, Justin Stitt wrote:
> On Tue, Sep 12, 2023 at 12:36 AM Geert Uytterhoeven
> <geert@xxxxxxxxxxxxxx> wrote:
> >
> > Hi Justin,
> >
> > Thanks for your patch!
> >
> > On Mon, Sep 11, 2023 at 7:53 PM Justin Stitt <justinstitt@xxxxxxxxxx> wrote:
> > > `strncpy` is deprecated for use on NUL-terminated destination strings [1].
> > >
> > > `gate_buf` should always be NUL-terminated and does not require
> > > NUL-padding. It is used as a string arg inside an argv array given to
> >
> > Can you please explain why it does not require NUL-padding?
> > It looks like this buffer is passed eventually to a user space
> > application, thus possibly leaking uninitialized stack data.
>
> It looks like it's being passed as a list of command-line arguments in
> `run_helper()`. Should this be NUL-padded due to its eventual use in
> user space? If we think yes I can send a v2. Thanks for pointing this
> out.

No, it's passed as a pointer to a string, and the clone call will
ultimately make a copy-until-%NUL when building the new process. This
doesn't need padding.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook

Next message: Amir Goldstein: "Re: [RFC PATCH 0/3] quering mount attributes"
Previous message: Dave Airlie: "[git pull] drm fixes for 6.6-rc2"
In reply to: Justin Stitt: "Re: [PATCH] um,ethertap: refactor deprecated strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]