From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AGmk7sbN" Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 547C7CB; Mon, 20 Nov 2023 07:14:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700493266; x=1732029266; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=22qKIvbrgULxlxyf3xmSTybLyjjW9aZHEYq6pWfjelQ=; b=AGmk7sbNCl0eKA72nse3rxU4lhYhOHzM38LOICvGzy98xo1JPBNoscua 7z2qjMB6W/DWRZZqBvH93TXkn3QBMtRPt3ZyaVvCEFF5RgbAaCmcvILb6 plmZkTK9OyOdJzmZvHdASBryKcS1YuwfwhtRQXwnvwF96nKpeDRziPLCP viaIqX4PmGTy+2htEGAgoIc8hvr1cmjTm34Oeeo6D+a5lEZWAFKJEHmzE 3z5zX5Vw110J+u3vkp+FqJ0xZVt3Jam6ye5vCo/1KVESy2grt49gzpZUL Qbx2XCTITmxtNZPrwCwOcWdD2OsNBkkRcfSopi+BoolcHnG+hDHjdmT5A Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10900"; a="394486347" X-IronPort-AV: E=Sophos;i="6.04,214,1695711600"; d="scan'208";a="394486347" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Nov 2023 07:14:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10900"; a="801209698" X-IronPort-AV: E=Sophos;i="6.04,214,1695711600"; d="scan'208";a="801209698" Received: from black.fi.intel.com ([10.237.72.28]) by orsmga001.jf.intel.com with ESMTP; 20 Nov 2023 07:14:22 -0800 Received: by black.fi.intel.com (Postfix, from userid 1003) id 5240C9F; Mon, 20 Nov 2023 17:14:21 +0200 (EET) From: Andy Shevchenko To: Luis Chamberlain , Kees Cook , Andy Shevchenko , linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman Subject: [PATCH v3 2/5] params: Do not go over the limit when getting the string length Date: Mon, 20 Nov 2023 17:11:43 +0200 Message-ID: <20231120151419.1661807-3-andriy.shevchenko@linux.intel.com> X-Mailer: git-send-email 2.43.0.rc1.1.gbec44491f096 In-Reply-To: <20231120151419.1661807-1-andriy.shevchenko@linux.intel.com> References: <20231120151419.1661807-1-andriy.shevchenko@linux.intel.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit We can use strnlen() even on early stages and it prevents from going over the string boundaries in case it's already too long. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Andy Shevchenko --- kernel/params.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/params.c b/kernel/params.c index 626fa8265932..f8e3c4139854 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -260,7 +260,10 @@ EXPORT_SYMBOL_GPL(param_set_uint_minmax); int param_set_charp(const char *val, const struct kernel_param *kp) { - if (strlen(val) > 1024) { + size_t len, maxlen = 1024; + + len = strnlen(val, maxlen + 1); + if (len == maxlen + 1) { pr_err("%s: string parameter too long\n", kp->name); return -ENOSPC; } @@ -270,7 +273,7 @@ int param_set_charp(const char *val, const struct kernel_param *kp) /* This is a hack. We can't kmalloc in early boot, and we * don't need to; this mangled commandline is preserved. */ if (slab_is_available()) { - *(char **)kp->arg = kmalloc_parameter(strlen(val)+1); + *(char **)kp->arg = kmalloc_parameter(len + 1); if (!*(char **)kp->arg) return -ENOMEM; strcpy(*(char **)kp->arg, val); @@ -508,7 +511,7 @@ int param_set_copystring(const char *val, const struct kernel_param *kp) { const struct kparam_string *kps = kp->str; - if (strlen(val)+1 > kps->maxlen) { + if (strnlen(val, kps->maxlen) == kps->maxlen) { pr_err("%s: string doesn't fit in %u chars.\n", kp->name, kps->maxlen-1); return -ENOSPC; -- 2.43.0.rc1.1.gbec44491f096