From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932826AbdCLBAG (ORCPT ); Sat, 11 Mar 2017 20:00:06 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:56578 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751325AbdCLA76 (ORCPT ); Sat, 11 Mar 2017 19:59:58 -0500 Date: Sun, 12 Mar 2017 00:59:44 +0000 From: Al Viro To: simran singhal Cc: gregkh@linuxfoundation.org, arve@android.com, riandrews@android.com, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, outreachy-kernel@googlegroups.com Subject: Re: [PATCH] staging: android: Replace strcpy with strlcpy Message-ID: <20170312005944.GL29622@ZenIV.linux.org.uk> References: <20170311204001.GA13301@singhal-Inspiron-5558> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170311204001.GA13301@singhal-Inspiron-5558> User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Mar 12, 2017 at 02:10:01AM +0530, simran singhal wrote: > Replace strcpy with strlcpy as strcpy does not check for buffer > overflow. > This is found using Flawfinder. > > Signed-off-by: simran singhal > --- > drivers/staging/android/ashmem.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c > index 7cbad0d..eb2f4ef 100644 > --- a/drivers/staging/android/ashmem.c > +++ b/drivers/staging/android/ashmem.c > @@ -548,7 +548,8 @@ static int set_name(struct ashmem_area *asma, void __user *name) > if (unlikely(asma->file)) > ret = -EINVAL; > else > - strcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name); > + strlcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name, > + sizeof(asma->name + ASHMEM_NAME_PREFIX_LEN)); Trivial C quiz: given struct ashmem_area { char name[ASHMEM_FULL_NAME_LEN]; struct list_head unpinned_list; struct file *file; size_t size; unsigned long prot_mask; }; static int set_name(struct ashmem_area *asma, void __user *name) what, in your opinion, would be 1) type of asma->name 2) type of asma->name + ASHMEM_NAME_PREFIX_LEN 3) value of sizeof(asma->name + ASHMEM_NAME_PREFIX_LEN) As a bonus question, 4) what is the value of this kind of patches? 1) NFUZRZ_SHYY_ANZR_YRA-ryrzrag neenl bs pune 2) cbvagre gb pune 3) fvmr bs n cbvagre 4) fbpvbybtvpny - ernql-znqr vyyhfgengvbaf bs crevyf bs pnetb phyg.