* [PATCH] Staging: exfat: Avoid use of strcpy @ 2019-09-11 5:57 Sandro Volery 2019-09-11 8:41 ` Dan Carpenter 0 siblings, 1 reply; 3+ messages in thread From: Sandro Volery @ 2019-09-11 5:57 UTC (permalink / raw) To: valdis.kletnieks, gregkh, devel, linux-kernel Replaced strcpy with strscpy in exfat_core.c. Signed-off-by: Sandro Volery <sandro@volery.com> --- drivers/staging/exfat/exfat_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/exfat/exfat_core.c b/drivers/staging/exfat/exfat_core.c index da8c58149c35..c71b145e8a24 100644 --- a/drivers/staging/exfat/exfat_core.c +++ b/drivers/staging/exfat/exfat_core.c @@ -2964,7 +2964,7 @@ s32 resolve_path(struct inode *inode, char *path, struct chain_t *p_dir, if (strlen(path) >= (MAX_NAME_LENGTH * MAX_CHARSET_SIZE)) return FFS_INVALIDPATH; - strcpy(name_buf, path); + strscpy(name_buf, path, sizeof(name_buf)); nls_cstring_to_uniname(sb, p_uniname, name_buf, &lossy); if (lossy) -- 2.23.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Staging: exfat: Avoid use of strcpy 2019-09-11 5:57 [PATCH] Staging: exfat: Avoid use of strcpy Sandro Volery @ 2019-09-11 8:41 ` Dan Carpenter 2019-09-11 8:56 ` Rasmus Villemoes 0 siblings, 1 reply; 3+ messages in thread From: Dan Carpenter @ 2019-09-11 8:41 UTC (permalink / raw) To: Sandro Volery; +Cc: valdis.kletnieks, gregkh, devel, linux-kernel On Wed, Sep 11, 2019 at 07:57:49AM +0200, Sandro Volery wrote: > Replaced strcpy with strscpy in exfat_core.c. > > Signed-off-by: Sandro Volery <sandro@volery.com> > --- > drivers/staging/exfat/exfat_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/exfat/exfat_core.c b/drivers/staging/exfat/exfat_core.c > index da8c58149c35..c71b145e8a24 100644 > --- a/drivers/staging/exfat/exfat_core.c > +++ b/drivers/staging/exfat/exfat_core.c > @@ -2964,7 +2964,7 @@ s32 resolve_path(struct inode *inode, char *path, struct chain_t *p_dir, > if (strlen(path) >= (MAX_NAME_LENGTH * MAX_CHARSET_SIZE)) > return FFS_INVALIDPATH; > > - strcpy(name_buf, path); > + strscpy(name_buf, path, sizeof(name_buf)); It checked strlen() earlier so we know that it can't overflow but, oh wow, the "name_buf" is a shared buffer. wow wow wow. This seems very racy. regards, dan carpenter ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Staging: exfat: Avoid use of strcpy 2019-09-11 8:41 ` Dan Carpenter @ 2019-09-11 8:56 ` Rasmus Villemoes 0 siblings, 0 replies; 3+ messages in thread From: Rasmus Villemoes @ 2019-09-11 8:56 UTC (permalink / raw) To: Dan Carpenter, Sandro Volery Cc: valdis.kletnieks, gregkh, devel, linux-kernel On 11/09/2019 10.41, Dan Carpenter wrote: > On Wed, Sep 11, 2019 at 07:57:49AM +0200, Sandro Volery wrote: >> Replaced strcpy with strscpy in exfat_core.c. >> >> Signed-off-by: Sandro Volery <sandro@volery.com> >> --- >> drivers/staging/exfat/exfat_core.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/staging/exfat/exfat_core.c b/drivers/staging/exfat/exfat_core.c >> index da8c58149c35..c71b145e8a24 100644 >> --- a/drivers/staging/exfat/exfat_core.c >> +++ b/drivers/staging/exfat/exfat_core.c >> @@ -2964,7 +2964,7 @@ s32 resolve_path(struct inode *inode, char *path, struct chain_t *p_dir, >> if (strlen(path) >= (MAX_NAME_LENGTH * MAX_CHARSET_SIZE)) >> return FFS_INVALIDPATH; >> >> - strcpy(name_buf, path); >> + strscpy(name_buf, path, sizeof(name_buf)); > > It checked strlen() earlier so we know that it can't overflow but, oh > wow, the "name_buf" is a shared buffer. wow wow wow. This seems very > racy. Yeah, and note that the callers of resolve_path do seem to take a lock, but that's not a global lock but a per-superblock (or per-something-else) one... Obviously exfat should not rely on such a single static buffer, but in the meantime, perhaps one should add a name_buf_lock (though I don't know how long name_buf is actually in use, so that needs checking). Apart from the broken/lack of locking, it would be better to combine the copying and length checking into a single check - i.e. do if (strscpy(name_buf, path, sizeof(name_buf)) < 0) return FFS_INVALIDPATH; That's both more efficient and fixes the open-coding of sizeof(name_buf) that is currently used in the if(). Rasmus ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-09-11 8:56 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-09-11 5:57 [PATCH] Staging: exfat: Avoid use of strcpy Sandro Volery 2019-09-11 8:41 ` Dan Carpenter 2019-09-11 8:56 ` Rasmus Villemoes
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox