From: "J . Bruce Fields" <bfields@fieldses.org>
To: Kees Cook <keescook@chromium.org>
Cc: Daniel Micay <danielmicay@gmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Dave Jones <davej@codemonkey.org.uk>,
	Anna Schumaker <schumaker.anna@gmail.com>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Alexander Potapenko <glider@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	kasan-dev <kasan-dev@googlegroups.com>
Subject: Re: [PATCH] replace incorrect strscpy use in FORTIFY_SOURCE
Date: Tue, 18 Jul 2017 10:54:03 -0400
Message-ID: <20170718145403.GC19030@fieldses.org>
In-Reply-To: <CAGXu5j+yRZWTouM9m1gKg3MtxT5tGgjoZOYWeAHZDz8MgjYdng@mail.gmail.com>

On Fri, Jul 14, 2017 at 04:51:31PM -0700, Kees Cook wrote:
> On Fri, Jul 14, 2017 at 2:28 PM, Daniel Micay <danielmicay@gmail.com> wrote:
> > Using strscpy was wrong because FORTIFY_SOURCE is passing the maximum
> > possible size of the outermost object, but strscpy defines the count
> > parameter as the exact buffer size, so this could copy past the end of
> > the source. This would still be wrong with the planned usage of
> > __builtin_object_size(p, 1) for intra-object overflow checks since it's
> > the maximum possible size of the specified object with no guarantee of
> > it being that large.
> >
> > Reuse of the fortified functions like this currently makes the runtime
> > error reporting less precise but that can be improved later on.
> >
> > Signed-off-by: Daniel Micay <danielmicay@gmail.com>
> 
> Thanks for fixing this! Linus, do you want to take this directly or
> have it go via -mm where fortify landed originally?
> 
> Acked-by: Kees Cook <keescook@chromium.org>
> 
> As far as testing goes, was the NFS tree not in -next, or was a test
> not running against -next? I'm curious why it took until the NFS tree
> landed in Linus's tree for this to get noticed. Fortify was in -next
> for a while...

There was a last-minute rebase of that tree.  I don't see anything
relevant there.  The code in question has been the same for ages.  But I
must be overlooking something....  I guess it could be interesting to
bisect to figure out when the warning started.

--b.
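
The commit message quoted above describes the hazard in one sentence: FORTIFY_SOURCE was handing strscpy the maximum possible size of the destination, while strscpy treats its count as a bound on how much of the source it may touch, so a short source next to a large destination gets read past its end. The following user-space model is an added illustration and is not kernel code, not the patch under discussion, and not anything from the NFS tree. It assumes a simplified strscpy that reads the source eight bytes at a time while the count permits (the kernel's word-at-a-time approach), instruments every source access to record the highest offset touched, and contrasts it with a strlen-bounded copy checked against the destination size, which is the shape of the fix. The source string, its 4-byte "allocation" and the 64-byte destination are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Backing storage larger than the logical allocation, so this model never
 * performs a real out-of-bounds access; it only records what a kernel
 * routine *would* have touched (what KASAN would flag). */
#define BACKING 64

struct src_buf {
    char bytes[BACKING];
    size_t alloc_size;       /* logical allocation size, as the allocator/KASAN sees it */
    size_t max_offset_read;  /* highest byte index any copy routine read */
};

static void src_init(struct src_buf *s, const char *text, size_t alloc_size) {
    memset(s->bytes, 'X', BACKING);           /* poison beyond the string, like a redzone */
    memcpy(s->bytes, text, strlen(text) + 1);
    s->alloc_size = alloc_size;
    s->max_offset_read = 0;
}

/* Read one 8-byte word from the source, as a word-at-a-time strscpy does
 * on 64-bit when the remaining count allows, and record how far it reached. */
static uint64_t read_word(struct src_buf *s, size_t off) {
    uint64_t w;
    size_t last = off + sizeof w - 1;
    if (last > s->max_offset_read) s->max_offset_read = last;
    memcpy(&w, s->bytes + off, sizeof w);
    return w;
}

static unsigned char read_byte(struct src_buf *s, size_t off) {
    if (off > s->max_offset_read) s->max_offset_read = off;
    return (unsigned char)s->bytes[off];
}

/* Classic bit trick: true if any byte of w is zero. */
static int has_zero_byte(uint64_t w) {
    return ((w - 0x0101010101010101ULL) & ~w & 0x8080808080808080ULL) != 0;
}

/* Model of strscpy(dst, src, count): copy whole words while count permits,
 * then finish byte by byte. Returns bytes copied, or -1 on truncation
 * (the kernel returns -E2BIG). Note the word loop is bounded by count,
 * not by the source's own size. */
static long model_strscpy(char *dst, struct src_buf *src, size_t count) {
    size_t off = 0;
    if (count == 0) return -1;
    while (count >= sizeof(uint64_t)) {
        uint64_t w = read_word(src, off);
        if (has_zero_byte(w)) break;          /* NUL in this word: finish bytewise */
        memcpy(dst + off, &w, sizeof w);
        off += sizeof w;
        count -= sizeof w;
    }
    while (count) {
        unsigned char c = read_byte(src, off);
        dst[off] = (char)c;
        if (c == 0) return (long)off;
        off++;
        count--;
    }
    dst[off - 1] = '\0';                      /* out of room: terminate, report truncation */
    return -1;
}

/* Model of the fixed fortified strcpy: bound the copy by strlen(src)+1,
 * check it against the destination's object size, then memcpy. The source
 * is never read beyond its terminating NUL. */
static int model_fortified_strcpy(char *dst, size_t dst_size, struct src_buf *src) {
    size_t len = 0;
    while (read_byte(src, len) != 0) len++;   /* strlen, byte by byte */
    if (len + 1 > dst_size) return -1;        /* fortify_panic() in the kernel */
    memcpy(dst, src->bytes, len + 1);
    return 0;
}

/* 1 if a routine touched a byte at or past the end of the source allocation. */
static int overread(const struct src_buf *s) {
    return s->max_offset_read >= s->alloc_size;
}

/* Scenario from the thread: large destination (so its object size is large),
 * short heap string as source whose size the compiler cannot see. */
static int strscpy_overreads_short_source(void) {
    char dst[64];
    struct src_buf src;
    src_init(&src, "nfs", 4);                 /* "nfs\0": a 4-byte allocation (constructed) */
    model_strscpy(dst, &src, sizeof dst);     /* count = destination size, not source size */
    return overread(&src);
}

static int strlen_copy_stays_in_bounds(void) {
    char dst[64];
    struct src_buf src;
    src_init(&src, "nfs", 4);
    model_fortified_strcpy(dst, sizeof dst, &src);
    return !overread(&src) && strcmp(dst, "nfs") == 0;
}

int main(void) {
    printf("word-at-a-time strscpy over-reads source: %d\n", strscpy_overreads_short_source());
    printf("strlen-bounded copy stays in bounds:      %d\n", strlen_copy_stays_in_bounds());
    return 0;
}
```

With a 4-byte source and a count of 64, the word loop's first read spans offsets 0 to 7, so the model reports an over-read even though the copy itself stops correctly at the NUL; that is the kind of out-of-bounds read a sanitizer reports. The strlen-bounded version never reads past offset 3, and still rejects a source that would not fit the destination.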


Thread overview: 4+ messages
2017-07-14 21:28 [PATCH] replace incorrect strscpy use in FORTIFY_SOURCE Daniel Micay
2017-07-14 23:51 ` Kees Cook
2017-07-15  0:23   ` Daniel Micay
2017-07-18 14:54   ` J . Bruce Fields [this message]
