From: "H. Peter Anvin" <hpa@zytor.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@nokia.com>,
akpm@linux-foundation.org, phillip@lougher.demon.co.uk,
hsweeten@visionengravers.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] initramfs: strcpy destination string overflow
Date: Tue, 05 Oct 2010 09:00:29 -0700 [thread overview]
Message-ID: <4CAB4B9D.2020500@zytor.com> (raw)
In-Reply-To: <AANLkTinoCgO56O1kPNW3vjd9Nd1kY2SU34UH2RQa9qkE@mail.gmail.com>
On 10/05/2010 08:55 AM, Linus Torvalds wrote:
> On Tue, Oct 5, 2010 at 1:44 AM, Evgeny Kuznetsov
> <EXT-Eugeny.Kuznetsov@nokia.com> wrote:
>> From: Evgeny Kuznetsov <ext-eugeny.kuznetsov@nokia.com>
>>
>> Function "strcpy()" is used without check for maximum allowed
>> source string length and could cause destination string overflow.
>> "strcpy()" is replaced by "strlcpy()" to prevent destination
>> string overflow.
>
> I think this is wrong.
>
> If the name is too long to fit in the hash table, we should not create
> a new hash entry at all, because we'd be returning the wrong
> (truncated) name when we find it next time.
>
> So it would be much better to just do
>
> if (strlen(name) >= sizeof(q->name))
> return NULL;
>
> in find_link(), because as far as I can tell, the hard-linking is
> always just an optimization.
>
> Comments? Peter?
The hard-linking is unfortunately not just an optimization; if you
ignore it you will create one copy of the file and some number of
zero-length files, since the data isn't duplicated. As such, printk'ing
an error message and ignoring it is probably the right thing to do.
Truncation is definitely wrong.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
next prev parent reply other threads:[~2010-10-05 16:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-05 8:44 [PATCH 0/1] initramfs: strcpy destination string overflow Evgeny Kuznetsov
2010-10-05 8:44 ` [PATCH 1/1] " Evgeny Kuznetsov
2010-10-05 11:44 ` Américo Wang
2010-10-05 15:55 ` Linus Torvalds
2010-10-05 16:00 ` H. Peter Anvin [this message]
2010-10-05 16:51 ` Al Viro
2010-10-05 18:09 ` H. Peter Anvin
2010-10-06 8:58 ` Evgeny Kuznetsov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CAB4B9D.2020500@zytor.com \
--to=hpa@zytor.com \
--cc=EXT-Eugeny.Kuznetsov@nokia.com \
--cc=akpm@linux-foundation.org \
--cc=hsweeten@visionengravers.com \
--cc=linux-kernel@vger.kernel.org \
--cc=phillip@lougher.demon.co.uk \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.