public inbox for linux-media@vger.kernel.org
From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
	Mauro Carvalho Chehab <mchehab@infradead.org>
Subject: Re: [PATCH 3/3] media: replace strncpy() by strscpy()
Date: Mon, 10 Sep 2018 15:34:17 -0300
Message-ID: <20180910153417.07c6715f@coco.lan>
In-Reply-To: <CAGXu5jK9T86We8eNGLNa-9i9iPvFTdZ_4Y0zzuvWVkr6MgZTzA@mail.gmail.com>

On Mon, 10 Sep 2018 09:18:05 -0700
Kees Cook <keescook@chromium.org> wrote:

> On Mon, Sep 10, 2018 at 5:19 AM, Mauro Carvalho Chehab
> <mchehab+samsung@kernel.org> wrote:
> > The strncpy() function is being deprecated upstream. Replace
> > it by the safer strscpy().  
> 
> This one I'm quite concerned about. This could lead to kernel memory
> exposures if any of the callers depend on strncpy()'s trailing
> NUL-padding to clear a buffer of prior contents.
> 
> How did you validate that for these changes?

That's actually easy for those familiar with the V4L2 API. There are 
several fields at either uAPI or kAPI (or both) that have strings.

For example, a video input has a name.

So, for one familiar with the V4L2 API, it is clear that something
like:

+       strscpy(inp->name, zr->card.input[inp->index].name,
+               sizeof(inp->name));

is just filling the uAPI with the name of Input, which is, typically,
something like:
	S-Video
	Television
	Radio
	Composite

A visual inspection of the patch shows that, in almost all cases, it is
either filling a device driver's name (used mainly for debug routines),
a video Input, a format description string, or the video caps fields
name and driver.

Thanks,
Mauro
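
The padding difference Kees Cook asks about in the quoted text above, as an added example that is not part of the original message or of the kernel tree. `demo_strscpy()` is a simplified userspace stand-in for the kernel's strscpy() (assumption: bounded copy, always NUL-terminated, no padding of the tail); the 32-byte field and the 'K' fill standing in for prior contents are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32 /* constructed field size for this demo */

/* Stand-in for the kernel's strscpy(): bounded copy that always terminates
 * and does NOT zero the rest of dst. Returns the copied length, or -1 on
 * truncation (the kernel helper returns -E2BIG). */
static long demo_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -1;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -1;
}

/* Non-zero bytes left after the first NUL: what would reach userspace if
 * the whole fixed-size field is copied out. */
static size_t stale_bytes(const char *buf, size_t size)
{
    size_t i = 0, n = 0;

    while (i < size && buf[i] != '\0')
        i++;
    for (; i < size; i++)
        n += (buf[i] != '\0');
    return n;
}

enum copy_mode { USE_STRNCPY, USE_STRSCPY, MEMSET_THEN_STRSCPY };

/* Fill a field with stale data, copy a short name in, count the leftovers. */
static size_t leak_after_copy(enum copy_mode mode, const char *name)
{
    char field[NAME_LEN];

    memset(field, 'K', sizeof(field));       /* constructed prior contents */
    if (mode == MEMSET_THEN_STRSCPY)
        memset(field, 0, sizeof(field));     /* caller clears the field first */
    if (mode == USE_STRNCPY)
        strncpy(field, name, sizeof(field)); /* pads the tail with NULs */
    else
        demo_strscpy(field, name, sizeof(field));
    return stale_bytes(field, sizeof(field));
}

int main(void)
{
    printf("strncpy=%zu strscpy=%zu memset+strscpy=%zu\n",
           leak_after_copy(USE_STRNCPY, "S-Video"),
           leak_after_copy(USE_STRSCPY, "S-Video"),
           leak_after_copy(MEMSET_THEN_STRSCPY, "S-Video"));
    return 0;
}
```

A conversion of this kind is equivalent for a given call site only when the destination is already zeroed before the copy, which is the property to check per caller.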

Thread overview: 15+ messages
2018-09-10 12:19 [PATCH 0/3] Use only strscpy() for string copy Mauro Carvalho Chehab
2018-09-10 12:19 ` [PATCH 1/3] media: use strscpy() instead of strlcpy() Mauro Carvalho Chehab
2018-09-10 16:13   ` Kees Cook
2018-09-11 15:55   ` Hans Verkuil
2018-09-10 12:19 ` [PATCH 2/3] media: replace strcpy() by strscpy() Mauro Carvalho Chehab
2018-09-10 16:16   ` Kees Cook
2018-09-10 19:48     ` Mauro Carvalho Chehab
2018-09-10 20:14       ` Mauro Carvalho Chehab
2018-09-10 20:20         ` [PATCH 2/3 v2] " Mauro Carvalho Chehab
2018-09-11 15:54           ` Hans Verkuil
2018-09-10 12:19 ` [PATCH 3/3] media: replace strncpy() " Mauro Carvalho Chehab
2018-09-10 16:18   ` Kees Cook
2018-09-10 18:34     ` Mauro Carvalho Chehab [this message]
2018-09-10 20:38       ` Kees Cook
2018-09-12  7:04   ` Hans Verkuil
