[PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
@ 2023-01-09 11:45 ` yang.yang29
  0 siblings, 0 replies; 7+ messages in thread
From: yang.yang29 @ 2023-01-09 11:45 UTC (permalink / raw)
  To: perex; +Cc: yang.yang29, xu.panda, alsa-devel, tiwai, linux-kernel

From: Xu Panda <xu.panda@zte.com.cn>

The implementation of strscpy() is more robust and safer.
That's now the recommended way to copy NUL-terminated strings.

Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
---
 sound/core/control_led.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..c88653c205eb 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
 	struct snd_ctl_elem_id id;
 	int err;

-	strncpy(buf2, buf, len);
-	buf2[len] = '\0';
+	strncpy(buf2, buf, len + 1);
 	memset(&id, 0, sizeof(id));
 	id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
 	s = buf2;
-- 
2.15.2

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
@ 2023-01-09 11:45 ` yang.yang29
  0 siblings, 0 replies; 7+ messages in thread
From: yang.yang29 @ 2023-01-09 11:45 UTC (permalink / raw)
  To: perex; +Cc: tiwai, alsa-devel, linux-kernel, xu.panda, yang.yang29

From: Xu Panda <xu.panda@zte.com.cn>

The implementation of strscpy() is more robust and safer.
That's now the recommended way to copy NUL-terminated strings.

Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
---
 sound/core/control_led.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..c88653c205eb 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
 	struct snd_ctl_elem_id id;
 	int err;

-	strncpy(buf2, buf, len);
-	buf2[len] = '\0';
+	strncpy(buf2, buf, len + 1);
 	memset(&id, 0, sizeof(id));
 	id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
 	s = buf2;
-- 
2.15.2

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
  2023-01-09 11:45 ` yang.yang29
@ 2023-01-09 12:40   ` Takashi Iwai
  -1 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2023-01-09 12:40 UTC (permalink / raw)
  To: yang.yang29; +Cc: linux-kernel, alsa-devel, xu.panda, tiwai

On Mon, 09 Jan 2023 12:45:51 +0100,
<yang.yang29@zte.com.cn> wrote:
> 
> From: Xu Panda <xu.panda@zte.com.cn>
> 
> The implementation of strscpy() is more robust and safer.
> That's now the recommended way to copy NUL-terminated strings.
> 
> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
> Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
> ---
>  sound/core/control_led.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
> index f975cc85772b..c88653c205eb 100644
> --- a/sound/core/control_led.c
> +++ b/sound/core/control_led.c
> @@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
>  	struct snd_ctl_elem_id id;
>  	int err;
> 
> -	strncpy(buf2, buf, len);
> -	buf2[len] = '\0';
> +	strncpy(buf2, buf, len + 1);

Still using strncpy()...?


thanks,

Takashi

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
@ 2023-01-09 12:40   ` Takashi Iwai
  0 siblings, 0 replies; 7+ messages in thread
From: Takashi Iwai @ 2023-01-09 12:40 UTC (permalink / raw)
  To: yang.yang29; +Cc: perex, tiwai, alsa-devel, linux-kernel, xu.panda

On Mon, 09 Jan 2023 12:45:51 +0100,
<yang.yang29@zte.com.cn> wrote:
> 
> From: Xu Panda <xu.panda@zte.com.cn>
> 
> The implementation of strscpy() is more robust and safer.
> That's now the recommended way to copy NUL-terminated strings.
> 
> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
> Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
> ---
>  sound/core/control_led.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
> index f975cc85772b..c88653c205eb 100644
> --- a/sound/core/control_led.c
> +++ b/sound/core/control_led.c
> @@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
>  	struct snd_ctl_elem_id id;
>  	int err;
> 
> -	strncpy(buf2, buf, len);
> -	buf2[len] = '\0';
> +	strncpy(buf2, buf, len + 1);

Still using strncpy()...?


thanks,

Takashi

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
  2023-01-09 11:45 ` yang.yang29
  (?)
  (?)
@ 2023-01-09 12:56 ` Takashi Sakamoto
  -1 siblings, 0 replies; 7+ messages in thread
From: Takashi Sakamoto @ 2023-01-09 12:56 UTC (permalink / raw)
  To: alsa-devel

Hi,

On Mon, Jan 9, 2023, at 20:45, yang.yang29@zte.com.cn wrote:
> From: Xu Panda <xu.panda@zte.com.cn>
>
> The implementation of strscpy() is more robust and safer.
> That's now the recommended way to copy NUL-terminated strings.
>
> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
> Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
> ---
>  sound/core/control_led.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
> index f975cc85772b..c88653c205eb 100644
> --- a/sound/core/control_led.c
> +++ b/sound/core/control_led.c
> @@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card 
> *led_card, const char *buf, si
>  	struct snd_ctl_elem_id id;
>  	int err;
>
> -	strncpy(buf2, buf, len);
> -	buf2[len] = '\0';
> +	strncpy(buf2, buf, len + 1);

The patch comment refers to strscpy(), however strncpy() is still used. I wonder
whether it is the intension of this patch. I think any trouble happended.

Anyway I'm for usage of strscpy() as the comment.

>  	memset(&id, 0, sizeof(id));
>  	id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
>  	s = buf2;
> -- 
> 2.15.2

As another issue, I can see that the local variable, len, can bring buffer overrun
over buf2[256] since it has maximum value between the size of pointer and count
argument. Maricious user space application can attack as long as it has write
permission to the device attributes. I guess kernel stack can be broken by the
attack.

```
532    char buf2[256], *s, *os;
533    size_t len = max(sizeof(s) - 1, count);
...
537    strncpy(buf2, buf, len);
```

I'm already in bed today, so I hope anyone posts fix, or waiting tomorrow.


Regards

Takashi Sakamoto

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
  2023-01-09 12:40   ` Takashi Iwai
@ 2023-01-09 13:36     ` Jaroslav Kysela
  -1 siblings, 0 replies; 7+ messages in thread
From: Jaroslav Kysela @ 2023-01-09 13:36 UTC (permalink / raw)
  To: Takashi Iwai, yang.yang29; +Cc: xu.panda, alsa-devel, tiwai, linux-kernel

On 09. 01. 23 13:40, Takashi Iwai wrote:
> On Mon, 09 Jan 2023 12:45:51 +0100,
> <yang.yang29@zte.com.cn> wrote:
>>
>> From: Xu Panda <xu.panda@zte.com.cn>
>>
>> The implementation of strscpy() is more robust and safer.
>> That's now the recommended way to copy NUL-terminated strings.
>>
>> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
>> Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
>> ---
>>   sound/core/control_led.c | 3 +--
>>   1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
>> index f975cc85772b..c88653c205eb 100644
>> --- a/sound/core/control_led.c
>> +++ b/sound/core/control_led.c
>> @@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
>>   	struct snd_ctl_elem_id id;
>>   	int err;
>>
>> -	strncpy(buf2, buf, len);
>> -	buf2[len] = '\0';
>> +	strncpy(buf2, buf, len + 1);
> 
> Still using strncpy()...?

The original code should be:

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..b44abefcb593 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -530,7 +530,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card 
*led_card, const char *buf, si
                           bool attach)
  {
         char buf2[256], *s, *os;
-       size_t len = max(sizeof(s) - 1, count);
+       size_t len = min(sizeof(buf2) - 1, count);
         struct snd_ctl_elem_id id;
         int err;

But it can be replaced with:

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..41d4e898d34c 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -530,12 +530,11 @@ static ssize_t set_led_id(struct snd_ctl_led_card 
*led_card, const char *buf, si
                           bool attach)
  {
         char buf2[256], *s, *os;
-       size_t len = max(sizeof(s) - 1, count);
         struct snd_ctl_elem_id id;
         int err;

-       strncpy(buf2, buf, len);
-       buf2[len] = '\0';
+       if (strscpy(buf2, buf, count) < 0)
+               return -E2BIG;
         memset(&id, 0, sizeof(id));
         id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
         s = buf2;

I'll send a patch ASAP.

				Jaroslav

--
Jaroslav Kysela <perex@perex.cz>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy()
@ 2023-01-09 13:36     ` Jaroslav Kysela
  0 siblings, 0 replies; 7+ messages in thread
From: Jaroslav Kysela @ 2023-01-09 13:36 UTC (permalink / raw)
  To: Takashi Iwai, yang.yang29; +Cc: tiwai, alsa-devel, linux-kernel, xu.panda

On 09. 01. 23 13:40, Takashi Iwai wrote:
> On Mon, 09 Jan 2023 12:45:51 +0100,
> <yang.yang29@zte.com.cn> wrote:
>>
>> From: Xu Panda <xu.panda@zte.com.cn>
>>
>> The implementation of strscpy() is more robust and safer.
>> That's now the recommended way to copy NUL-terminated strings.
>>
>> Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
>> Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
>> ---
>>   sound/core/control_led.c | 3 +--
>>   1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
>> index f975cc85772b..c88653c205eb 100644
>> --- a/sound/core/control_led.c
>> +++ b/sound/core/control_led.c
>> @@ -534,8 +534,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si
>>   	struct snd_ctl_elem_id id;
>>   	int err;
>>
>> -	strncpy(buf2, buf, len);
>> -	buf2[len] = '\0';
>> +	strncpy(buf2, buf, len + 1);
> 
> Still using strncpy()...?

The original code should be:

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..b44abefcb593 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -530,7 +530,7 @@ static ssize_t set_led_id(struct snd_ctl_led_card 
*led_card, const char *buf, si
                           bool attach)
  {
         char buf2[256], *s, *os;
-       size_t len = max(sizeof(s) - 1, count);
+       size_t len = min(sizeof(buf2) - 1, count);
         struct snd_ctl_elem_id id;
         int err;

But it can be replaced with:

diff --git a/sound/core/control_led.c b/sound/core/control_led.c
index f975cc85772b..41d4e898d34c 100644
--- a/sound/core/control_led.c
+++ b/sound/core/control_led.c
@@ -530,12 +530,11 @@ static ssize_t set_led_id(struct snd_ctl_led_card 
*led_card, const char *buf, si
                           bool attach)
  {
         char buf2[256], *s, *os;
-       size_t len = max(sizeof(s) - 1, count);
         struct snd_ctl_elem_id id;
         int err;

-       strncpy(buf2, buf, len);
-       buf2[len] = '\0';
+       if (strscpy(buf2, buf, count) < 0)
+               return -E2BIG;
         memset(&id, 0, sizeof(id));
         id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
         s = buf2;

I'll send a patch ASAP.

				Jaroslav

--
Jaroslav Kysela <perex@perex.cz>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.

^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-01-09 13:39 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-09 11:45 [PATCH linux-next] ALSA: control-led: use strscpy() to instead of strncpy() yang.yang29
2023-01-09 11:45 ` yang.yang29
2023-01-09 12:40 ` Takashi Iwai
2023-01-09 12:40   ` Takashi Iwai
2023-01-09 13:36   ` Jaroslav Kysela
2023-01-09 13:36     ` Jaroslav Kysela
2023-01-09 12:56 ` Takashi Sakamoto

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.