From: Mimi Zohar <zohar@linux.ibm.com>
To: Romain Perier <romain.perier@gmail.com>,
Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 06/20] ima: Manual replacement of the deprecated strlcpy() with return values
Date: Tue, 02 Mar 2021 08:29:58 -0500 [thread overview]
Message-ID: <1a679c59345b02f10e425c8c5c55efd901dc714d.camel@linux.ibm.com> (raw)
In-Reply-To: <20210222151231.22572-7-romain.perier@gmail.com>
On Mon, 2021-02-22 at 16:12 +0100, Romain Perier wrote:
> The strlcpy() reads the entire source buffer first, it is dangerous if
> the source buffer lenght is unbounded or possibility non NULL-terminated.
As other's have pointed out, "lenght" -> length.
> It can lead to linear read overflows, crashes, etc...
>
> As recommended in the deprecated interfaces [1], it should be replaced
> by strscpy.
>
> This commit replaces all calls to strlcpy that handle the return values
> by the corresponding strscpy calls with new handling of the return
> values (as it is quite different between the two functions).
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
>
> Signed-off-by: Romain Perier <romain.perier@gmail.com>
> ---
> security/integrity/ima/ima_policy.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 9b45d064a87d..1a905b8b064f 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -790,8 +790,14 @@ static int __init ima_init_arch_policy(void)
> for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
> char rule[255];
> int result;
> + ssize_t len;
>
> - result = strlcpy(rule, *rules, sizeof(rule));
> + len = strscpy(rule, *rules, sizeof(rule));
> + if (len == -E2BIG) {
> + pr_warn("Internal copy of architecture policy rule '%s' "
> + "failed. Skipping.\n", *rules);
"arch_rules" is an array of hard coded strings. The generic reason
for replacing strlcpy with strscpy doesn't seem applicable; however,
the additonal warning is appropriate.
(User-visible strings are not bound to the 80 column length. Breaking
up the line like this is fine, but unnecessary.)
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
thanks,
Mimi
> + continue;
> + }
>
> INIT_LIST_HEAD(&arch_policy_entry[i].list);
> result = ima_parse_rule(rule, &arch_policy_entry[i]);
>
next prev parent reply other threads:[~2021-03-03 1:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-22 15:12 [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Romain Perier
2021-02-22 15:12 ` [PATCH 06/20] ima: Manual replacement of the deprecated strlcpy() with return values Romain Perier
2021-03-02 13:29 ` Mimi Zohar [this message]
2021-02-22 16:36 ` [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1a679c59345b02f10e425c8c5c55efd901dc714d.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=romain.perier@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).