From: Jarkko Sakkinen <jarkko@kernel.org>
To: Palash Oswal <hello@oswalpalash.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ima: Replacing deprecated strlcpy with strscpy ~~~~~~~~~ Replace
Date: Fri, 19 Feb 2021 19:38:39 +0200 [thread overview]
Message-ID: <YC/3n585TNJ500Ps@kernel.org> (raw)
Reply-To:
In-Reply-To: <20210219084038.GA7564@g3.oswalpalash.com>
On Fri, Feb 19, 2021 at 02:10:38PM +0530, Palash Oswal wrote:
> The strlcpy() function is unsafe in that the source buffer length
> is unbounded or possibly be non NULL terminated. This can cause
> memory over-reads, crashes, etc.
>
> Link: https://github.com/KSPP/linux/issues/89
> Signed-off-by: Palash Oswal <hello@oswalpalash.com>
The long description does not explain what the commit does, and
does not include any details about deprecation of strlcpy(), which
at least I'm not aware of.
I don't think *length* ever is NULL terminated. The first sentence
is somewhat weird. Also strlcpy() does have a bounds check.
Generally, the description and reasoning is sloppy to say the
least.
/Jarkko
> ---
> security/integrity/ima/ima_api.c | 2 +-
> security/integrity/ima/ima_policy.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
> index 1dd70dc68ffd..2f3b8257181d 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -399,7 +399,7 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
> }
>
> if (!pathname) {
> - strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);
> + strscpy(namebuf, path->dentry->d_name.name, NAME_MAX);
> pathname = namebuf;
> }
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 9b45d064a87d..010839aef6ba 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -791,7 +791,7 @@ static int __init ima_init_arch_policy(void)
> char rule[255];
> int result;
>
> - result = strlcpy(rule, *rules, sizeof(rule));
> + strscpy(rule, *rules, sizeof(rule));
>
> INIT_LIST_HEAD(&arch_policy_entry[i].list);
> result = ima_parse_rule(rule, &arch_policy_entry[i]);
>
> base-commit: f6692213b5045dc461ce0858fb18cf46f328c202
> --
> 2.27.0
>
>
next reply other threads:[~2021-02-19 17:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-19 17:38 Jarkko Sakkinen [this message]
2021-03-02 7:52 ` [PATCH] ima: Replacing deprecated strlcpy with strscpy ~~~~~~~~~ Replace Palash Oswal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YC/3n585TNJ500Ps@kernel.org \
--to=jarkko@kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=hello@oswalpalash.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.