[PATCH] KEYS: Replace all non-returning strlcpy with strscpy

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
@ 2023-05-18  4:15 Azeem Shaikh
  2023-05-18 18:01 ` Jarkko Sakkinen
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Azeem Shaikh @ 2023-05-18  4:15 UTC (permalink / raw)
  To: David Howells, Jarkko Sakkinen
  Cc: linux-hardening, Azeem Shaikh, keyrings, linux-kernel, Paul Moore,
	James Morris, Serge E. Hallyn, linux-security-module

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
 security/keys/request_key_auth.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 41e9735006d0..8f33cd170e42 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
 	if (!rka->callout_info)
 		goto error_free_rka;
 	rka->callout_len = callout_len;
-	strlcpy(rka->op, op, sizeof(rka->op));
+	strscpy(rka->op, op, sizeof(rka->op));
 
 	/* see if the calling process is already servicing the key request of
 	 * another process */


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-18  4:15 [PATCH] KEYS: Replace all non-returning strlcpy with strscpy Azeem Shaikh
@ 2023-05-18 18:01 ` Jarkko Sakkinen
  2023-05-18 18:01 ` Jarkko Sakkinen
  2023-05-22 19:39 ` Kees Cook
  2 siblings, 0 replies; 7+ messages in thread
From: Jarkko Sakkinen @ 2023-05-18 18:01 UTC (permalink / raw)
  To: Azeem Shaikh, David Howells
  Cc: linux-hardening, keyrings, linux-kernel, Paul Moore, James Morris,
	Serge E. Hallyn, linux-security-module

On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first. This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> ---
>  security/keys/request_key_auth.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> index 41e9735006d0..8f33cd170e42 100644
> --- a/security/keys/request_key_auth.c
> +++ b/security/keys/request_key_auth.c
> @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>  	if (!rka->callout_info)
>  		goto error_free_rka;
>  	rka->callout_len = callout_len;
> -	strlcpy(rka->op, op, sizeof(rka->op));
> +	strscpy(rka->op, op, sizeof(rka->op));
>  
>  	/* see if the calling process is already servicing the key request of
>  	 * another process */

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-18  4:15 [PATCH] KEYS: Replace all non-returning strlcpy with strscpy Azeem Shaikh
  2023-05-18 18:01 ` Jarkko Sakkinen
@ 2023-05-18 18:01 ` Jarkko Sakkinen
  2023-05-19 21:11   ` Paul Moore
  2023-05-22 19:39 ` Kees Cook
  2 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2023-05-18 18:01 UTC (permalink / raw)
  To: Azeem Shaikh, David Howells
  Cc: linux-hardening, keyrings, linux-kernel, Paul Moore, James Morris,
	Serge E. Hallyn, linux-security-module

On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> ---
>  security/keys/request_key_auth.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> index 41e9735006d0..8f33cd170e42 100644
> --- a/security/keys/request_key_auth.c
> +++ b/security/keys/request_key_auth.c
> @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>  	if (!rka->callout_info)
>  		goto error_free_rka;
>  	rka->callout_len = callout_len;
> -	strlcpy(rka->op, op, sizeof(rka->op));
> +	strscpy(rka->op, op, sizeof(rka->op));
>  
>  	/* see if the calling process is already servicing the key request of
>  	 * another process */


Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-18 18:01 ` Jarkko Sakkinen
@ 2023-05-19 21:11   ` Paul Moore
  2023-05-24  2:45     ` Jarkko Sakkinen
  0 siblings, 1 reply; 7+ messages in thread
From: Paul Moore @ 2023-05-19 21:11 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Azeem Shaikh, David Howells, linux-hardening, keyrings,
	linux-kernel, James Morris, Serge E. Hallyn,
	linux-security-module

On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > strlcpy() reads the entire source buffer first.
> > This read may exceed the destination size limit.
> > This is both inefficient and can lead to linear read
> > overflows if a source string is not NUL-terminated [1].
> > In an effort to remove strlcpy() completely [2], replace
> > strlcpy() here with strscpy().
> > No return values were used, so direct replacement is safe.
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > [2] https://github.com/KSPP/linux/issues/89
> >
> > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > ---
> >  security/keys/request_key_auth.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > index 41e9735006d0..8f33cd170e42 100644
> > --- a/security/keys/request_key_auth.c
> > +++ b/security/keys/request_key_auth.c
> > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> >       if (!rka->callout_info)
> >               goto error_free_rka;
> >       rka->callout_len = callout_len;
> > -     strlcpy(rka->op, op, sizeof(rka->op));
> > +     strscpy(rka->op, op, sizeof(rka->op));
> >
> >       /* see if the calling process is already servicing the key request of
> >        * another process */
>
>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

Since you maintain this code Jarkko, are you planning to merge this
into your tree or would you prefer the KSPP folks merge it?

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-18  4:15 [PATCH] KEYS: Replace all non-returning strlcpy with strscpy Azeem Shaikh
  2023-05-18 18:01 ` Jarkko Sakkinen
  2023-05-18 18:01 ` Jarkko Sakkinen
@ 2023-05-22 19:39 ` Kees Cook
  2 siblings, 0 replies; 7+ messages in thread
From: Kees Cook @ 2023-05-22 19:39 UTC (permalink / raw)
  To: dhowells, jarkko, azeemshaikh38
  Cc: Kees Cook, serge, keyrings, linux-security-module, linux-kernel,
	jmorris, linux-hardening, paul

On Thu, 18 May 2023 04:15:13 +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [...]

Applied to for-next/hardening, thanks!

[1/1] KEYS: Replace all non-returning strlcpy with strscpy
      https://git.kernel.org/kees/c/8d27fcac4a08

-- 
Kees Cook


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-19 21:11   ` Paul Moore
@ 2023-05-24  2:45     ` Jarkko Sakkinen
  2023-05-24  2:49       ` Jarkko Sakkinen
  0 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2023-05-24  2:45 UTC (permalink / raw)
  To: Paul Moore
  Cc: Azeem Shaikh, David Howells, linux-hardening, keyrings,
	linux-kernel, James Morris, Serge E. Hallyn,
	linux-security-module

On Sat May 20, 2023 at 12:11 AM EEST, Paul Moore wrote:
> On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > > strlcpy() reads the entire source buffer first.
> > > This read may exceed the destination size limit.
> > > This is both inefficient and can lead to linear read
> > > overflows if a source string is not NUL-terminated [1].
> > > In an effort to remove strlcpy() completely [2], replace
> > > strlcpy() here with strscpy().
> > > No return values were used, so direct replacement is safe.
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > > [2] https://github.com/KSPP/linux/issues/89
> > >
> > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > > ---
> > >  security/keys/request_key_auth.c |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > > index 41e9735006d0..8f33cd170e42 100644
> > > --- a/security/keys/request_key_auth.c
> > > +++ b/security/keys/request_key_auth.c
> > > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> > >       if (!rka->callout_info)
> > >               goto error_free_rka;
> > >       rka->callout_len = callout_len;
> > > -     strlcpy(rka->op, op, sizeof(rka->op));
> > > +     strscpy(rka->op, op, sizeof(rka->op));
> > >
> > >       /* see if the calling process is already servicing the key request of
> > >        * another process */
> >
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> Since you maintain this code Jarkko, are you planning to merge this
> into your tree or would you prefer the KSPP folks merge it?

I can pick it.

BR, Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KEYS: Replace all non-returning strlcpy with strscpy
  2023-05-24  2:45     ` Jarkko Sakkinen
@ 2023-05-24  2:49       ` Jarkko Sakkinen
  0 siblings, 0 replies; 7+ messages in thread
From: Jarkko Sakkinen @ 2023-05-24  2:49 UTC (permalink / raw)
  To: Jarkko Sakkinen, Paul Moore
  Cc: Azeem Shaikh, David Howells, linux-hardening, keyrings,
	linux-kernel, James Morris, Serge E. Hallyn,
	linux-security-module

On Wed May 24, 2023 at 5:45 AM EEST, Jarkko Sakkinen wrote:
> On Sat May 20, 2023 at 12:11 AM EEST, Paul Moore wrote:
> > On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > > On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > > > strlcpy() reads the entire source buffer first.
> > > > This read may exceed the destination size limit.
> > > > This is both inefficient and can lead to linear read
> > > > overflows if a source string is not NUL-terminated [1].
> > > > In an effort to remove strlcpy() completely [2], replace
> > > > strlcpy() here with strscpy().
> > > > No return values were used, so direct replacement is safe.
> > > >
> > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > > > [2] https://github.com/KSPP/linux/issues/89
> > > >
> > > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > > > ---
> > > >  security/keys/request_key_auth.c |    2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > > > index 41e9735006d0..8f33cd170e42 100644
> > > > --- a/security/keys/request_key_auth.c
> > > > +++ b/security/keys/request_key_auth.c
> > > > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> > > >       if (!rka->callout_info)
> > > >               goto error_free_rka;
> > > >       rka->callout_len = callout_len;
> > > > -     strlcpy(rka->op, op, sizeof(rka->op));
> > > > +     strscpy(rka->op, op, sizeof(rka->op));
> > > >
> > > >       /* see if the calling process is already servicing the key request of
> > > >        * another process */
> > >
> > >
> > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> >
> > Since you maintain this code Jarkko, are you planning to merge this
> > into your tree or would you prefer the KSPP folks merge it?
>
> I can pick it.

Applied.

BR, Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-05-24  2:49 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-18  4:15 [PATCH] KEYS: Replace all non-returning strlcpy with strscpy Azeem Shaikh
2023-05-18 18:01 ` Jarkko Sakkinen
2023-05-18 18:01 ` Jarkko Sakkinen
2023-05-19 21:11   ` Paul Moore
2023-05-24  2:45     ` Jarkko Sakkinen
2023-05-24  2:49       ` Jarkko Sakkinen
2023-05-22 19:39 ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox