[PATCH] HID: wacom: Check for string overflow from strscpy calls

linux-input.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] HID: wacom: Check for string overflow from strscpy calls
@ 2023-04-14 18:22 Jason Gerecke
  2023-04-28 17:32 ` Jason Gerecke
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jason Gerecke @ 2023-04-14 18:22 UTC (permalink / raw)
  To: linux-input, Benjamin Tissoires, Jiri Kosina
  Cc: Ping Cheng, Aaron Armstrong Skomra, Joshua Dickens, Jason Gerecke,
	Jason Gerecke, Ping Cheng

From: Jason Gerecke <killertofu@gmail.com>

The strscpy function is able to return an error code when a copy would
overflow the size of the destination. The copy is stopped and the buffer
terminated before overflow actually occurs so it is safe to continue
execution, but we should still produce a warning should this occur.

Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
---
 drivers/hid/wacom_sys.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
index 8214896adadad..7192970d199a0 100644
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2224,7 +2224,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
 		} else if (strstr(product_name, "Wacom") ||
 			   strstr(product_name, "wacom") ||
 			   strstr(product_name, "WACOM")) {
-			strscpy(name, product_name, sizeof(name));
+			if (strscpy(name, product_name, sizeof(name)) < 0) {
+				hid_warn(wacom->hdev, "String overflow while assembling device name");
+			}
 		} else {
 			snprintf(name, sizeof(name), "Wacom %s", product_name);
 		}
@@ -2242,7 +2244,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
 		if (name[strlen(name)-1] == ' ')
 			name[strlen(name)-1] = '\0';
 	} else {
-		strscpy(name, features->name, sizeof(name));
+		if (strscpy(name, features->name, sizeof(name)) < 0) {
+			hid_warn(wacom->hdev, "String overflow while assembling device name");
+		}
 	}
 
 	snprintf(wacom_wac->name, sizeof(wacom_wac->name), "%s%s",
@@ -2500,8 +2504,10 @@ static void wacom_wireless_work(struct work_struct *work)
 				goto fail;
 		}
 
-		strscpy(wacom_wac->name, wacom_wac1->name,
-			sizeof(wacom_wac->name));
+		if (strscpy(wacom_wac->name, wacom_wac1->name,
+			sizeof(wacom_wac->name)) < 0) {
+			hid_warn(wacom->hdev, "String overflow while assembling device name");
+		}
 	}
 
 	return;
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] HID: wacom: Check for string overflow from strscpy calls
  2023-04-14 18:22 [PATCH] HID: wacom: Check for string overflow from strscpy calls Jason Gerecke
@ 2023-04-28 17:32 ` Jason Gerecke
  2023-05-04  4:34 ` Peter Hutterer
  2023-05-23 13:07 ` Jiri Kosina
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Gerecke @ 2023-04-28 17:32 UTC (permalink / raw)
  To: linux-input, Benjamin Tissoires, Jiri Kosina
  Cc: Ping Cheng, Aaron Armstrong Skomra, Joshua Dickens, Jason Gerecke,
	Ping Cheng

On Fri, Apr 14, 2023 at 11:22 AM Jason Gerecke <killertofu@gmail.com> wrote:
>
> From: Jason Gerecke <killertofu@gmail.com>
>
> The strscpy function is able to return an error code when a copy would
> overflow the size of the destination. The copy is stopped and the buffer
> terminated before overflow actually occurs so it is safe to continue
> execution, but we should still produce a warning should this occur.
>
> Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
> Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
> ---
>  drivers/hid/wacom_sys.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> index 8214896adadad..7192970d199a0 100644
> --- a/drivers/hid/wacom_sys.c
> +++ b/drivers/hid/wacom_sys.c
> @@ -2224,7 +2224,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
>                 } else if (strstr(product_name, "Wacom") ||
>                            strstr(product_name, "wacom") ||
>                            strstr(product_name, "WACOM")) {
> -                       strscpy(name, product_name, sizeof(name));
> +                       if (strscpy(name, product_name, sizeof(name)) < 0) {
> +                               hid_warn(wacom->hdev, "String overflow while assembling device name");
> +                       }
>                 } else {
>                         snprintf(name, sizeof(name), "Wacom %s", product_name);
>                 }
> @@ -2242,7 +2244,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
>                 if (name[strlen(name)-1] == ' ')
>                         name[strlen(name)-1] = '\0';
>         } else {
> -               strscpy(name, features->name, sizeof(name));
> +               if (strscpy(name, features->name, sizeof(name)) < 0) {
> +                       hid_warn(wacom->hdev, "String overflow while assembling device name");
> +               }
>         }
>
>         snprintf(wacom_wac->name, sizeof(wacom_wac->name), "%s%s",
> @@ -2500,8 +2504,10 @@ static void wacom_wireless_work(struct work_struct *work)
>                                 goto fail;
>                 }
>
> -               strscpy(wacom_wac->name, wacom_wac1->name,
> -                       sizeof(wacom_wac->name));
> +               if (strscpy(wacom_wac->name, wacom_wac1->name,
> +                       sizeof(wacom_wac->name)) < 0) {
> +                       hid_warn(wacom->hdev, "String overflow while assembling device name");
> +               }
>         }
>
>         return;
> --
> 2.40.0
>

Poking this thread again in case it got lost in the inbox...

Jason
---
Now instead of four in the eights place /
you’ve got three, ‘Cause you added one  /
(That is to say, eight) to the two,     /
But you can’t take seven from three,    /
So you look at the sixty-fours....

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] HID: wacom: Check for string overflow from strscpy calls
  2023-04-14 18:22 [PATCH] HID: wacom: Check for string overflow from strscpy calls Jason Gerecke
  2023-04-28 17:32 ` Jason Gerecke
@ 2023-05-04  4:34 ` Peter Hutterer
  2023-05-17 16:51   ` Jason Gerecke
  2023-05-23 13:07 ` Jiri Kosina
  2 siblings, 1 reply; 5+ messages in thread
From: Peter Hutterer @ 2023-05-04  4:34 UTC (permalink / raw)
  To: Jason Gerecke
  Cc: linux-input, Benjamin Tissoires, Jiri Kosina, Ping Cheng,
	Aaron Armstrong Skomra, Joshua Dickens, Jason Gerecke, Ping Cheng

On Fri, Apr 14, 2023 at 11:22:10AM -0700, Jason Gerecke wrote:
> From: Jason Gerecke <killertofu@gmail.com>
> 
> The strscpy function is able to return an error code when a copy would
> overflow the size of the destination. The copy is stopped and the buffer
> terminated before overflow actually occurs so it is safe to continue
> execution, but we should still produce a warning should this occur.
> 
> Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
> Reviewed-by: Ping Cheng <ping.cheng@wacom.com>

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

Cheers,
  Peter

> ---
>  drivers/hid/wacom_sys.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> index 8214896adadad..7192970d199a0 100644
> --- a/drivers/hid/wacom_sys.c
> +++ b/drivers/hid/wacom_sys.c
> @@ -2224,7 +2224,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
>  		} else if (strstr(product_name, "Wacom") ||
>  			   strstr(product_name, "wacom") ||
>  			   strstr(product_name, "WACOM")) {
> -			strscpy(name, product_name, sizeof(name));
> +			if (strscpy(name, product_name, sizeof(name)) < 0) {
> +				hid_warn(wacom->hdev, "String overflow while assembling device name");
> +			}
>  		} else {
>  			snprintf(name, sizeof(name), "Wacom %s", product_name);
>  		}
> @@ -2242,7 +2244,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
>  		if (name[strlen(name)-1] == ' ')
>  			name[strlen(name)-1] = '\0';
>  	} else {
> -		strscpy(name, features->name, sizeof(name));
> +		if (strscpy(name, features->name, sizeof(name)) < 0) {
> +			hid_warn(wacom->hdev, "String overflow while assembling device name");
> +		}
>  	}
>  
>  	snprintf(wacom_wac->name, sizeof(wacom_wac->name), "%s%s",
> @@ -2500,8 +2504,10 @@ static void wacom_wireless_work(struct work_struct *work)
>  				goto fail;
>  		}
>  
> -		strscpy(wacom_wac->name, wacom_wac1->name,
> -			sizeof(wacom_wac->name));
> +		if (strscpy(wacom_wac->name, wacom_wac1->name,
> +			sizeof(wacom_wac->name)) < 0) {
> +			hid_warn(wacom->hdev, "String overflow while assembling device name");
> +		}
>  	}
>  
>  	return;
> -- 
> 2.40.0
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] HID: wacom: Check for string overflow from strscpy calls
  2023-05-04  4:34 ` Peter Hutterer
@ 2023-05-17 16:51   ` Jason Gerecke
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Gerecke @ 2023-05-17 16:51 UTC (permalink / raw)
  To: Peter Hutterer
  Cc: linux-input, Benjamin Tissoires, Jiri Kosina, Ping Cheng,
	Aaron Armstrong Skomra, Joshua Dickens, Jason Gerecke, Ping Cheng

On Wed, May 3, 2023 at 9:34 PM Peter Hutterer <peter.hutterer@who-t.net> wrote:
>
> On Fri, Apr 14, 2023 at 11:22:10AM -0700, Jason Gerecke wrote:
> > From: Jason Gerecke <killertofu@gmail.com>
> >
> > The strscpy function is able to return an error code when a copy would
> > overflow the size of the destination. The copy is stopped and the buffer
> > terminated before overflow actually occurs so it is safe to continue
> > execution, but we should still produce a warning should this occur.
> >
> > Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
> > Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
>
> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
>
> Cheers,
>   Peter
>

Sending another request for follow-up.

Jason

> > ---
> >  drivers/hid/wacom_sys.c | 14 ++++++++++----
> >  1 file changed, 10 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> > index 8214896adadad..7192970d199a0 100644
> > --- a/drivers/hid/wacom_sys.c
> > +++ b/drivers/hid/wacom_sys.c
> > @@ -2224,7 +2224,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
> >               } else if (strstr(product_name, "Wacom") ||
> >                          strstr(product_name, "wacom") ||
> >                          strstr(product_name, "WACOM")) {
> > -                     strscpy(name, product_name, sizeof(name));
> > +                     if (strscpy(name, product_name, sizeof(name)) < 0) {
> > +                             hid_warn(wacom->hdev, "String overflow while assembling device name");
> > +                     }
> >               } else {
> >                       snprintf(name, sizeof(name), "Wacom %s", product_name);
> >               }
> > @@ -2242,7 +2244,9 @@ static void wacom_update_name(struct wacom *wacom, const char *suffix)
> >               if (name[strlen(name)-1] == ' ')
> >                       name[strlen(name)-1] = '\0';
> >       } else {
> > -             strscpy(name, features->name, sizeof(name));
> > +             if (strscpy(name, features->name, sizeof(name)) < 0) {
> > +                     hid_warn(wacom->hdev, "String overflow while assembling device name");
> > +             }
> >       }
> >
> >       snprintf(wacom_wac->name, sizeof(wacom_wac->name), "%s%s",
> > @@ -2500,8 +2504,10 @@ static void wacom_wireless_work(struct work_struct *work)
> >                               goto fail;
> >               }
> >
> > -             strscpy(wacom_wac->name, wacom_wac1->name,
> > -                     sizeof(wacom_wac->name));
> > +             if (strscpy(wacom_wac->name, wacom_wac1->name,
> > +                     sizeof(wacom_wac->name)) < 0) {
> > +                     hid_warn(wacom->hdev, "String overflow while assembling device name");
> > +             }
> >       }
> >
> >       return;
> > --
> > 2.40.0
> >

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] HID: wacom: Check for string overflow from strscpy calls
  2023-04-14 18:22 [PATCH] HID: wacom: Check for string overflow from strscpy calls Jason Gerecke
  2023-04-28 17:32 ` Jason Gerecke
  2023-05-04  4:34 ` Peter Hutterer
@ 2023-05-23 13:07 ` Jiri Kosina
  2 siblings, 0 replies; 5+ messages in thread
From: Jiri Kosina @ 2023-05-23 13:07 UTC (permalink / raw)
  To: Jason Gerecke
  Cc: linux-input, Benjamin Tissoires, Ping Cheng,
	Aaron Armstrong Skomra, Joshua Dickens, Jason Gerecke, Ping Cheng

On Fri, 14 Apr 2023, Jason Gerecke wrote:

> From: Jason Gerecke <killertofu@gmail.com>
> 
> The strscpy function is able to return an error code when a copy would
> overflow the size of the destination. The copy is stopped and the buffer
> terminated before overflow actually occurs so it is safe to continue
> execution, but we should still produce a warning should this occur.
> 
> Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
> Reviewed-by: Ping Cheng <ping.cheng@wacom.com>

Now applied, sorry for the delay.

-- 
Jiri Kosina
SUSE Labs


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-05-23 13:07 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-14 18:22 [PATCH] HID: wacom: Check for string overflow from strscpy calls Jason Gerecke
2023-04-28 17:32 ` Jason Gerecke
2023-05-04  4:34 ` Peter Hutterer
2023-05-17 16:51   ` Jason Gerecke
2023-05-23 13:07 ` Jiri Kosina

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).