From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755555AbdCLBMW (ORCPT ); Sat, 11 Mar 2017 20:12:22 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:56740 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753423AbdCLBMP (ORCPT ); Sat, 11 Mar 2017 20:12:15 -0500 Date: Sun, 12 Mar 2017 01:11:40 +0000 From: Al Viro To: Julia Lawall Cc: simran singhal , gregkh@linuxfoundation.org, arve@android.com, riandrews@android.com, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, outreachy-kernel@googlegroups.com Subject: Re: [Outreachy kernel] [PATCH] staging: android: Replace strcpy with strlcpy Message-ID: <20170312011135.GM29622@ZenIV.linux.org.uk> References: <20170311204001.GA13301@singhal-Inspiron-5558> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 11, 2017 at 09:47:30PM +0100, Julia Lawall wrote: > > > On Sun, 12 Mar 2017, simran singhal wrote: > > > Replace strcpy with strlcpy as strcpy does not check for buffer > > overflow. > > This is found using Flawfinder. > > > > Signed-off-by: simran singhal > > --- > > drivers/staging/android/ashmem.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c > > index 7cbad0d..eb2f4ef 100644 > > --- a/drivers/staging/android/ashmem.c > > +++ b/drivers/staging/android/ashmem.c > > @@ -548,7 +548,8 @@ static int set_name(struct ashmem_area *asma, void __user *name) > > if (unlikely(asma->file)) > > ret = -EINVAL; > > else > > - strcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name); > > + strlcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name, > > + sizeof(asma->name + ASHMEM_NAME_PREFIX_LEN)); > > There is a parenthesis in the wrong place. Worse - moving parenthesis to just after asma->name would result in interestingly bogus value (size + amount skipped instead of size - amount skipped). Folks, blind changes in name of security are seriously counterproductive; fortunately, in this particular case overflow prevention is taken care of by earlier code (source of strcpy is a local array of size that isn't enough to cause trouble and it is NUL-terminated), so that particular strlcpy() is simply pointless, but if not for that... Variant with sizeof(asma->name) + ASHMEM_NAME_PREFIX_LEN would've invited an overflow *and* made it harder to spot in the future - "it uses strlcpy, no worries about overflows here"...