From: Jarkko Sakkinen <jarkko@kernel.org>
To: Palash Oswal <hello@oswalpalash.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ima: Replacing deprecated strlcpy with strscpy ~~~~~~~~~ Replace
Date: Fri, 19 Feb 2021 19:38:39 +0200 [thread overview]
Message-ID: <YC/3n585TNJ500Ps@kernel.org> (raw)
Reply-To:
In-Reply-To: <20210219084038.GA7564@g3.oswalpalash.com>
On Fri, Feb 19, 2021 at 02:10:38PM +0530, Palash Oswal wrote:
> The strlcpy() function is unsafe in that the source buffer length
> is unbounded or possibly be non NULL terminated. This can cause
> memory over-reads, crashes, etc.
>
> Link: https://github.com/KSPP/linux/issues/89
> Signed-off-by: Palash Oswal <hello@oswalpalash.com>
The long description does not explain what the commit does, and
does not include any details about deprecation of strlcpy(), which
at least I'm not aware of.
I don't think *length* ever is NULL terminated. The first sentence
is somewhat weird. Also strlcpy() does have a bounds check.
Generally, the description and reasoning is sloppy to say the
least.
/Jarkko
> ---
> security/integrity/ima/ima_api.c | 2 +-
> security/integrity/ima/ima_policy.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
> index 1dd70dc68ffd..2f3b8257181d 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -399,7 +399,7 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
> }
>
> if (!pathname) {
> - strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);
> + strscpy(namebuf, path->dentry->d_name.name, NAME_MAX);
> pathname = namebuf;
> }
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 9b45d064a87d..010839aef6ba 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -791,7 +791,7 @@ static int __init ima_init_arch_policy(void)
> char rule[255];
> int result;
>
> - result = strlcpy(rule, *rules, sizeof(rule));
> + strscpy(rule, *rules, sizeof(rule));
>
> INIT_LIST_HEAD(&arch_policy_entry[i].list);
> result = ima_parse_rule(rule, &arch_policy_entry[i]);
>
> base-commit: f6692213b5045dc461ce0858fb18cf46f328c202
> --
> 2.27.0
>
>
next reply other threads:[~2021-02-19 17:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-19 17:38 Jarkko Sakkinen [this message]
2021-03-02 7:52 ` [PATCH] ima: Replacing deprecated strlcpy with strscpy ~~~~~~~~~ Replace Palash Oswal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YC/3n585TNJ500Ps@kernel.org \
--to=jarkko@kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=hello@oswalpalash.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).