* [linux-next:master 1915/2290] fs/fuse/dir.c:505:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-se...
From: kernel test robot @ 2021-11-19 12:37 UTC
To: kbuild
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Vivek Goyal <vgoyal@redhat.com>
CC: Miklos Szeredi <mszeredi@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 5191249f880367a4cd675825cd721a8d78f26a45
commit: 97de0e80fd4a8f5f80a20d075a48160d24bc9a74 [1915/2290] fuse: send security context of inode on file
:::::: branch date: 32 hours ago
:::::: commit date: 2 days ago
config: riscv-randconfig-c006-20211118 (attached as .config)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=97de0e80fd4a8f5f80a20d075a48160d24bc9a74
        git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
        git fetch --no-tags linux-next master
        git checkout 97de0e80fd4a8f5f80a20d075a48160d24bc9a74
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
lib/vsprintf.c:3113:4: note: Control jumps to the 'default' case at line 3122
switch (*fmt) {
^
lib/vsprintf.c:3123:9: note: Assuming the condition is false
if (!isalnum(*fmt)) {
^~~~~~~~~~~~~~
lib/vsprintf.c:3123:5: note: Taking false branch
if (!isalnum(*fmt)) {
^
lib/vsprintf.c:3127:11: note: Calling 'pointer'
str = pointer(fmt, str, end, va_arg(args, void *),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:2396:2: note: Control jumps to 'case 105:' at line 2425
switch (*fmt) {
^
lib/vsprintf.c:2429:10: note: Calling 'ip_addr_string'
return ip_addr_string(buf, end, ptr, spec, fmt);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:1597:2: note: Taking false branch
if (check_pointer(&buf, end, ptr, spec))
^
lib/vsprintf.c:1600:2: note: Control jumps to 'case 52:' at line 1603
switch (fmt[1]) {
^
lib/vsprintf.c:1604:10: note: Calling 'ip4_addr_string'
return ip4_addr_string(buf, end, ptr, spec, fmt);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:1489:2: note: Calling 'ip4_string'
ip4_string(ip4_addr, addr, fmt);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:1328:2: note: Control jumps to the 'default' case at line 1344
switch (fmt[2]) {
^
lib/vsprintf.c:1347:3: note: Execution continues on line 1349
break;
^
lib/vsprintf.c:1349:2: note: Loop condition is true. Entering loop body
for (i = 0; i < 4; i++) {
^
lib/vsprintf.c:1351:16: note: Calling 'put_dec_trunc8'
int digits = put_dec_trunc8(temp, addr[index]) - temp;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:219:6: note: Assuming 'r' is >= 100
if (r < 100)
^~~~~~~
lib/vsprintf.c:219:2: note: Taking false branch
if (r < 100)
^
lib/vsprintf.c:228:6: note: Assuming 'q' is >= 100
if (q < 100)
^~~~~~~
lib/vsprintf.c:228:2: note: Taking false branch
if (q < 100)
^
lib/vsprintf.c:237:6: note: Assuming 'r' is < 100
if (r < 100)
^~~~~~~
lib/vsprintf.c:237:2: note: Taking true branch
if (r < 100)
^
lib/vsprintf.c:238:3: note: Control jumps to line 249
goto out_r;
^
lib/vsprintf.c:250:9: note: Assuming 'r' is >= 10
buf += r < 10 ? 1 : 2;
^~~~~~
lib/vsprintf.c:250:9: note: '?' condition is false
lib/vsprintf.c:1351:16: note: Returning from 'put_dec_trunc8'
int digits = put_dec_trunc8(temp, addr[index]) - temp;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vsprintf.c:1352:7: note: Assuming 'leading_zeros' is false
if (leading_zeros) {
^~~~~~~~~~~~~
lib/vsprintf.c:1352:3: note: Taking false branch
if (leading_zeros) {
^
lib/vsprintf.c:1359:10: note: The value 5 is assigned to 'digits'
while (digits--)
^~~~~~~~
lib/vsprintf.c:1359:3: note: Loop condition is true. Entering loop body
while (digits--)
^
lib/vsprintf.c:1360:9: note: Assigned value is garbage or undefined
*p++ = temp[digits];
^ ~~~~~~~~~~~~
lib/vsprintf.c:1423:4: warning: Value stored to 'needcolon' is never read [clang-analyzer-deadcode.DeadStores]
needcolon = false;
^ ~~~~~
lib/vsprintf.c:1423:4: note: Value stored to 'needcolon' is never read
needcolon = false;
^ ~~~~~
lib/vsprintf.c:1791:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(p, *fourcc & BIT(31) ? " big-endian" : " little-endian");
^~~~~~
lib/vsprintf.c:1791:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(p, *fourcc & BIT(31) ? " big-endian" : " little-endian");
^~~~~~
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
>> fs/fuse/dir.c:505:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(ptr, name);
^~~~~~
fs/fuse/dir.c:505:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(ptr, name);
^~~~~~
>> fs/fuse/dir.c:762:2: warning: Address of stack memory associated with local variable 'outarg' is still referred to by the stack variable 'args' upon returning to the caller. This will be a dangling reference [clang-analyzer-core.StackAddressEscape]
return err;
^
fs/fuse/dir.c:829:9: note: Calling 'create_new_entry'
return create_new_entry(fm, &args, dir, entry, S_IFLNK);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fuse/dir.c:700:2: note: Taking false branch
if (fuse_is_bad(dir))
^
fs/fuse/dir.c:704:6: note: Assuming 'forget' is non-null
if (!forget)
^~~~~~~
fs/fuse/dir.c:704:2: note: Taking false branch
if (!forget)
^
fs/fuse/dir.c:713:6: note: Assuming field 'init_security' is not equal to 0
if (fm->fc->init_security && args->opcode != FUSE_LINK) {
^~~~~~~~~~~~~~~~~~~~~
fs/fuse/dir.c:713:6: note: Left side of '&&' is true
fs/fuse/dir.c:713:37: note: Field 'opcode' is not equal to FUSE_LINK
if (fm->fc->init_security && args->opcode != FUSE_LINK) {
^
fs/fuse/dir.c:713:2: note: Taking true branch
if (fm->fc->init_security && args->opcode != FUSE_LINK) {
^
fs/fuse/dir.c:716:7: note: 'err' is -12
if (err)
^~~
fs/fuse/dir.c:716:3: note: Taking true branch
if (err)
^
fs/fuse/dir.c:717:4: note: Control jumps to line 761
goto out_put_forget_req;
^
fs/fuse/dir.c:762:2: note: Address of stack memory associated with local variable 'outarg' is still referred to by the stack variable 'args' upon returning to the caller. This will be a dangling reference
return err;
^
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
fs/fuse/file.c:1392:44: warning: The left operand of '<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
while (nbytes < *nbytesp && ap->num_pages < max_pages) {
^
fs/fuse/file.c:1591:2: note: Taking false branch
if (fuse_is_bad(inode))
^
fs/fuse/file.c:1594:6: note: Left side of '&&' is false
if (FUSE_IS_DAX(inode))
^
fs/fuse/fuse_i.h:1269:57: note: expanded from macro 'FUSE_IS_DAX'
#define FUSE_IS_DAX(inode) (IS_ENABLED(CONFIG_FUSE_DAX) && IS_DAX(inode))
^
fs/fuse/file.c:1597:6: note: Assuming the condition is false
if (!(ff->open_flags & FOPEN_DIRECT_IO))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fuse/file.c:1597:2: note: Taking false branch
if (!(ff->open_flags & FOPEN_DIRECT_IO))
^
fs/fuse/file.c:1600:10: note: Calling 'fuse_direct_write_iter'
return fuse_direct_write_iter(iocb, from);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fuse/file.c:1553:6: note: Assuming 'res' is > 0
if (res > 0) {
^~~~~~~
fs/fuse/file.c:1553:2: note: Taking true branch
if (res > 0) {
^
fs/fuse/file.c:1554:7: note: Left side of '&&' is true
if (!is_sync_kiocb(iocb) && iocb->ki_flags & IOCB_DIRECT) {
^
fs/fuse/file.c:1554:31: note: Assuming the condition is true
if (!is_sync_kiocb(iocb) && iocb->ki_flags & IOCB_DIRECT) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fuse/file.c:1554:3: note: Taking true branch
if (!is_sync_kiocb(iocb) && iocb->ki_flags & IOCB_DIRECT) {
^
fs/fuse/file.c:1555:10: note: Calling 'fuse_direct_IO'
res = fuse_direct_IO(iocb, from);
^~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fuse/file.c:2834:34: note: Left side of '&&' is false
if ((iov_iter_rw(iter) == READ) && (offset >= i_size))
^
fs/fuse/file.c:2838:6: note: Assuming 'io' is non-null
if (!io)
^~~
fs/fuse/file.c:2838:2: note: Taking false branch
if (!io)
^
fs/fuse/file.c:2840:2: note: Loop condition is false. Exiting loop
spin_lock_init(&io->lock);
^
include/linux/spinlock.h:329:35: note: expanded from macro 'spin_lock_init'
# define spin_lock_init(lock) \
^
fs/fuse/file.c:2857:6: note: Assuming field 'async' is 0
if (io->async && !io->write && offset + count > i_size) {
^~~~~~~~~
fs/fuse/file.c:2857:16: note: Left side of '&&' is false
if (io->async && !io->write && offset + count > i_size) {
^
fs/fuse/file.c:2867:7: note: Assuming the condition is false
vim +505 fs/fuse/dir.c
e5e5558e923f358 Miklos Szeredi 2005-09-09 461
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 462 static int get_security_context(struct dentry *entry, umode_t mode,
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 463 void **security_ctx, u32 *security_ctxlen)
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 464 {
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 465 struct fuse_secctx *fctx;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 466 struct fuse_secctx_header *header;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 467 void *ctx = NULL, *ptr;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 468 u32 ctxlen, total_len = sizeof(*header);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 469 int err, nr_ctx = 0;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 470 const char *name;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 471 size_t namelen;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 472
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 473 err = security_dentry_init_security(entry, mode, &entry->d_name,
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 474 &name, &ctx, &ctxlen);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 475 if (err) {
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 476 if (err != -EOPNOTSUPP)
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 477 goto out_err;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 478 /* No LSM is supporting this security hook. Ignore error */
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 479 ctxlen = 0;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 480 ctx = NULL;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 481 }
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 482
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 483 if (ctxlen) {
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 484 nr_ctx = 1;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 485 namelen = strlen(name) + 1;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 486 err = -EIO;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 487 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 488 goto out_err;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 489 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 490 }
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 491
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 492 err = -ENOMEM;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 493 header = ptr = kzalloc(total_len, GFP_KERNEL);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 494 if (!ptr)
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 495 goto out_err;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 496
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 497 header->nr_secctx = nr_ctx;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 498 header->size = total_len;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 499 ptr += sizeof(*header);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 500 if (nr_ctx) {
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 501 fctx = ptr;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 502 fctx->size = ctxlen;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 503 ptr += sizeof(*fctx);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 504
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 @505 strcpy(ptr, name);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 506 ptr += namelen;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 507
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 508 memcpy(ptr, ctx, ctxlen);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 509 }
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 510 *security_ctxlen = total_len;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 511 *security_ctx = header;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 512 err = 0;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 513 out_err:
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 514 kfree(ctx);
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 515 return err;
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 516 }
97de0e80fd4a8f5 Vivek Goyal 2021-11-11 517
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org