[PATCH] bpf: Replace all non-returning strlcpy with strscpy

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] bpf: Replace all non-returning strlcpy with strscpy
@ 2023-05-30 15:56 Azeem Shaikh
  2023-05-30 23:17 ` Kees Cook
  2023-05-31 11:10 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Azeem Shaikh @ 2023-05-30 15:56 UTC (permalink / raw)
  To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
  Cc: linux-hardening, Azeem Shaikh, Martin KaFai Lau, Song Liu,
	Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev,
	Hao Luo, Jiri Olsa, bpf, linux-kernel, Ilya Leoshkevich

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
 kernel/bpf/preload/bpf_preload_kern.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/preload/bpf_preload_kern.c b/kernel/bpf/preload/bpf_preload_kern.c
index b56f9f3314fd..0c63bc2cd895 100644
--- a/kernel/bpf/preload/bpf_preload_kern.c
+++ b/kernel/bpf/preload/bpf_preload_kern.c
@@ -23,9 +23,9 @@ static void free_links_and_skel(void)
 
 static int preload(struct bpf_preload_info *obj)
 {
-	strlcpy(obj[0].link_name, "maps.debug", sizeof(obj[0].link_name));
+	strscpy(obj[0].link_name, "maps.debug", sizeof(obj[0].link_name));
 	obj[0].link = maps_link;
-	strlcpy(obj[1].link_name, "progs.debug", sizeof(obj[1].link_name));
+	strscpy(obj[1].link_name, "progs.debug", sizeof(obj[1].link_name));
 	obj[1].link = progs_link;
 	return 0;
 }


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] bpf: Replace all non-returning strlcpy with strscpy
  2023-05-30 15:56 [PATCH] bpf: Replace all non-returning strlcpy with strscpy Azeem Shaikh
@ 2023-05-30 23:17 ` Kees Cook
  2023-05-31 11:10 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Kees Cook @ 2023-05-30 23:17 UTC (permalink / raw)
  To: Azeem Shaikh
  Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko,
	linux-hardening, Martin KaFai Lau, Song Liu, Yonghong Song,
	John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
	bpf, linux-kernel, Ilya Leoshkevich

On Tue, May 30, 2023 at 03:56:59PM +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
> 
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] bpf: Replace all non-returning strlcpy with strscpy
  2023-05-30 15:56 [PATCH] bpf: Replace all non-returning strlcpy with strscpy Azeem Shaikh
  2023-05-30 23:17 ` Kees Cook
@ 2023-05-31 11:10 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-05-31 11:10 UTC (permalink / raw)
  To: Azeem Shaikh
  Cc: ast, daniel, andrii, linux-hardening, martin.lau, song, yhs,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bpf, linux-kernel,
	iii

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <daniel@iogearbox.net>:

On Tue, 30 May 2023 15:56:59 +0000 you wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [...]

Here is the summary with links:
  - bpf: Replace all non-returning strlcpy with strscpy
    https://git.kernel.org/bpf/bpf-next/c/ffadc372529e

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-05-31 11:10 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-30 15:56 [PATCH] bpf: Replace all non-returning strlcpy with strscpy Azeem Shaikh
2023-05-30 23:17 ` Kees Cook
2023-05-31 11:10 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox