diff mbox series

KEYS: Replace all non-returning strlcpy with strscpy

Message ID 20230518041513.1669386-1-azeemshaikh38@gmail.com (mailing list archive)
State Mainlined
Commit 604b8e7558857814bf7c109bc651697129543383
Headers show
Series KEYS: Replace all non-returning strlcpy with strscpy | expand

Commit Message

Azeem Shaikh May 18, 2023, 4:15 a.m. UTC
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
 security/keys/request_key_auth.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jarkko Sakkinen May 18, 2023, 6:01 p.m. UTC | #1
On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first. This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> ---
>  security/keys/request_key_auth.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> index 41e9735006d0..8f33cd170e42 100644
> --- a/security/keys/request_key_auth.c
> +++ b/security/keys/request_key_auth.c
> @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>  	if (!rka->callout_info)
>  		goto error_free_rka;
>  	rka->callout_len = callout_len;
> -	strlcpy(rka->op, op, sizeof(rka->op));
> +	strscpy(rka->op, op, sizeof(rka->op));
>  
>  	/* see if the calling process is already servicing the key request of
>  	 * another process */

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
Jarkko Sakkinen May 18, 2023, 6:01 p.m. UTC | #2
On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> ---
>  security/keys/request_key_auth.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> index 41e9735006d0..8f33cd170e42 100644
> --- a/security/keys/request_key_auth.c
> +++ b/security/keys/request_key_auth.c
> @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>  	if (!rka->callout_info)
>  		goto error_free_rka;
>  	rka->callout_len = callout_len;
> -	strlcpy(rka->op, op, sizeof(rka->op));
> +	strscpy(rka->op, op, sizeof(rka->op));
>  
>  	/* see if the calling process is already servicing the key request of
>  	 * another process */


Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
Paul Moore May 19, 2023, 9:11 p.m. UTC | #3
On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > strlcpy() reads the entire source buffer first.
> > This read may exceed the destination size limit.
> > This is both inefficient and can lead to linear read
> > overflows if a source string is not NUL-terminated [1].
> > In an effort to remove strlcpy() completely [2], replace
> > strlcpy() here with strscpy().
> > No return values were used, so direct replacement is safe.
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > [2] https://github.com/KSPP/linux/issues/89
> >
> > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > ---
> >  security/keys/request_key_auth.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > index 41e9735006d0..8f33cd170e42 100644
> > --- a/security/keys/request_key_auth.c
> > +++ b/security/keys/request_key_auth.c
> > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> >       if (!rka->callout_info)
> >               goto error_free_rka;
> >       rka->callout_len = callout_len;
> > -     strlcpy(rka->op, op, sizeof(rka->op));
> > +     strscpy(rka->op, op, sizeof(rka->op));
> >
> >       /* see if the calling process is already servicing the key request of
> >        * another process */
>
>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

Since you maintain this code Jarkko, are you planning to merge this
into your tree or would you prefer the KSPP folks merge it?
Kees Cook May 22, 2023, 7:39 p.m. UTC | #4
On Thu, 18 May 2023 04:15:13 +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [...]

Applied to for-next/hardening, thanks!

[1/1] KEYS: Replace all non-returning strlcpy with strscpy
      https://git.kernel.org/kees/c/8d27fcac4a08
Jarkko Sakkinen May 24, 2023, 2:45 a.m. UTC | #5
On Sat May 20, 2023 at 12:11 AM EEST, Paul Moore wrote:
> On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > > strlcpy() reads the entire source buffer first.
> > > This read may exceed the destination size limit.
> > > This is both inefficient and can lead to linear read
> > > overflows if a source string is not NUL-terminated [1].
> > > In an effort to remove strlcpy() completely [2], replace
> > > strlcpy() here with strscpy().
> > > No return values were used, so direct replacement is safe.
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > > [2] https://github.com/KSPP/linux/issues/89
> > >
> > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > > ---
> > >  security/keys/request_key_auth.c |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > > index 41e9735006d0..8f33cd170e42 100644
> > > --- a/security/keys/request_key_auth.c
> > > +++ b/security/keys/request_key_auth.c
> > > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> > >       if (!rka->callout_info)
> > >               goto error_free_rka;
> > >       rka->callout_len = callout_len;
> > > -     strlcpy(rka->op, op, sizeof(rka->op));
> > > +     strscpy(rka->op, op, sizeof(rka->op));
> > >
> > >       /* see if the calling process is already servicing the key request of
> > >        * another process */
> >
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> Since you maintain this code Jarkko, are you planning to merge this
> into your tree or would you prefer the KSPP folks merge it?

I can pick it.

BR, Jarkko
Jarkko Sakkinen May 24, 2023, 2:49 a.m. UTC | #6
On Wed May 24, 2023 at 5:45 AM EEST, Jarkko Sakkinen wrote:
> On Sat May 20, 2023 at 12:11 AM EEST, Paul Moore wrote:
> > On Thu, May 18, 2023 at 2:01 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > > On Thu May 18, 2023 at 7:15 AM EEST, Azeem Shaikh wrote:
> > > > strlcpy() reads the entire source buffer first.
> > > > This read may exceed the destination size limit.
> > > > This is both inefficient and can lead to linear read
> > > > overflows if a source string is not NUL-terminated [1].
> > > > In an effort to remove strlcpy() completely [2], replace
> > > > strlcpy() here with strscpy().
> > > > No return values were used, so direct replacement is safe.
> > > >
> > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > > > [2] https://github.com/KSPP/linux/issues/89
> > > >
> > > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> > > > ---
> > > >  security/keys/request_key_auth.c |    2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
> > > > index 41e9735006d0..8f33cd170e42 100644
> > > > --- a/security/keys/request_key_auth.c
> > > > +++ b/security/keys/request_key_auth.c
> > > > @@ -178,7 +178,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
> > > >       if (!rka->callout_info)
> > > >               goto error_free_rka;
> > > >       rka->callout_len = callout_len;
> > > > -     strlcpy(rka->op, op, sizeof(rka->op));
> > > > +     strscpy(rka->op, op, sizeof(rka->op));
> > > >
> > > >       /* see if the calling process is already servicing the key request of
> > > >        * another process */
> > >
> > >
> > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> >
> > Since you maintain this code Jarkko, are you planning to merge this
> > into your tree or would you prefer the KSPP folks merge it?
>
> I can pick it.

Applied.

BR, Jarkko
diff mbox series

Patch

diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 41e9735006d0..8f33cd170e42 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -178,7 +178,7 @@  struct key *request_key_auth_new(struct key *target, const char *op,
 	if (!rka->callout_info)
 		goto error_free_rka;
 	rka->callout_len = callout_len;
-	strlcpy(rka->op, op, sizeof(rka->op));
+	strscpy(rka->op, op, sizeof(rka->op));
 
 	/* see if the calling process is already servicing the key request of
 	 * another process */