Re: [PATCH] tracing/uprobe: Replace strlcpy() with strscpy()
From: Google
Date: Fri Dec 01 2023 - 00:51:39 EST
On Thu, 30 Nov 2023 12:56:08 -0800
Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> strlcpy() reads the entire source buffer first. This read may exceed
> the destination size limit. This is both inefficient and can lead
> to linear read overflows if a source string is not NUL-terminated[1].
> Additionally, it returns the size of the source string, not the
> resulting size of the destination string. In an effort to remove strlcpy()
> completely[2], replace strlcpy() here with strscpy().
>
> The negative return value is already handled by this code so no new
> handling is needed here.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
> Link: https://github.com/KSPP/linux/issues/89 [2]
> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
> Cc: linux-trace-kernel@xxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Thanks for reporting! Let me pick this.
Thanks!
> ---
> kernel/trace/trace_uprobe.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
> index 99c051de412a..a84b85d8aac1 100644
> --- a/kernel/trace/trace_uprobe.c
> +++ b/kernel/trace/trace_uprobe.c
> @@ -151,7 +151,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
> return -ENOMEM;
>
> if (addr == FETCH_TOKEN_COMM)
> - ret = strlcpy(dst, current->comm, maxlen);
> + ret = strscpy(dst, current->comm, maxlen);
> else
> ret = strncpy_from_user(dst, src, maxlen);
> if (ret >= 0) {
> --
> 2.34.1
>
--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>