From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60A6B154AF for ; Wed, 20 Sep 2023 11:44:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4DF3C433C7; Wed, 20 Sep 2023 11:44:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1695210295; bh=0M16DjPMJrR2WtC+pzl1yadYEyBcv/iGhwnVdr4iBbc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Flv5khXu+LZGxfaJ+I5Vg+n+Dzr0fb1MAaNHluAJdqbMh13Cb+vnd9gSoLmveFHrm GWTVaT5zikrBmCjKvN76/CFTNT1BigJ1kb0Oic/IvYuXJJ03kfSx/GONrqgbc5sj8b +ZkEGRbO1Xl6T/hsUxoS8LL6rLbIAO2I8IA6xBHo= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Azeem Shaikh , Kees Cook , Herbert Xu , Sasha Levin Subject: [PATCH 6.5 024/211] crypto: lrw,xts - Replace strlcpy with strscpy Date: Wed, 20 Sep 2023 13:27:48 +0200 Message-ID: <20230920112846.553934130@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230920112845.859868994@linuxfoundation.org> References: <20230920112845.859868994@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.5-stable review patch. If anyone has any objections, please let me know. ------------------ From: Azeem Shaikh [ Upstream commit babb80b3ecc6f40c962e13c654ebcd27f25ee327 ] strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). Direct replacement is safe here since return value of -errno is used to check for truncation instead of sizeof(dest). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh Reviewed-by: Kees Cook Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin --- crypto/lrw.c | 6 +++--- crypto/xts.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/lrw.c b/crypto/lrw.c index 1b0f76ba3eb5e..59260aefed280 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -357,10 +357,10 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb) * cipher name. */ if (!strncmp(cipher_name, "ecb(", 4)) { - unsigned len; + int len; - len = strlcpy(ecb_name, cipher_name + 4, sizeof(ecb_name)); - if (len < 2 || len >= sizeof(ecb_name)) + len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name)); + if (len < 2) goto err_free_inst; if (ecb_name[len - 1] != ')') diff --git a/crypto/xts.c b/crypto/xts.c index 09be909a6a1aa..548b302c6c6a0 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -396,10 +396,10 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb) * cipher name. */ if (!strncmp(cipher_name, "ecb(", 4)) { - unsigned len; + int len; - len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name)); - if (len < 2 || len >= sizeof(ctx->name)) + len = strscpy(ctx->name, cipher_name + 4, sizeof(ctx->name)); + if (len < 2) goto err_free_inst; if (ctx->name[len - 1] != ')') -- 2.40.1