From patchwork Tue Jul 14 08:32:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lee Jones X-Patchwork-Id: 11661955 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5565C13A4 for ; Tue, 14 Jul 2020 08:34:31 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2DA7621D90 for ; Tue, 14 Jul 2020 08:34:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="heu8QE+9"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="fx6MU4ki" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2DA7621D90 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=IeVhNXyfrpYIMPa8H2s9ijMAz8kg9ABjiuRwnBwWhYM=; b=heu8QE+9AEW8NW8jT2GlkGiXGN vHWDP8GeMYYrH+G7VvFP4EHmUOgokWQ9hr18Uofg9ReCy/534jY8BQoe71+rU8T6ISBOlD1vlsU7I iJQiz01US11pWXnGGFZgLfgntTQ1qvrdIGkJZZhT4b8t6z9SloJ+KwapOFclpNohH6+Z6fYJ++b7u gEZLkYILXeOrKtshQvdX6xxuOYPT1Hidz+uQbJvbyqCdqYyeRl6PGHSw6P7AhKRRITSZ7QSK2an0y 7T6JI6dRrz3JfC6ORfXy9FNfwewY15J/GqT9XuVOyhdvzVGbXL3pqKhDJiFnPQ1tRZyg9vPC5eG8w p5zknDPQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jvGNB-00057x-IJ; Tue, 14 Jul 2020 08:33:09 +0000 Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jvGN9-00056u-84 for linux-arm-kernel@lists.infradead.org; Tue, 14 Jul 2020 08:33:08 +0000 Received: by mail-wm1-x341.google.com with SMTP id l2so4045240wmf.0 for ; Tue, 14 Jul 2020 01:33:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vZ8sXgc4O5wGM0NeFKNvAvgtUFt05AlY27etdLwPk2Q=; b=fx6MU4kioiP6of1mQ5lTe4Cl3aouCNyDNnbyUmwK/RifMwXKHl9bs9si+sWPZzt5Sd 3gqxr4buJJ5xI6DGT2EBPeA7/ftd8qJHdomouQvdc7LV2TeWvqLrv1tukJO84iC+9QP/ tKNsEKjDUrg/A4DIQY8b8eQxOEBi1Fkf8YxifHrRP3IBACBYDJsLZDBLUwAQgyK6HwyR UR7g6xxbLICF6EZuMpsNRWknFs0shMHL87qOQEuybZRmwqGgBwUb+NTNMlKDsWqogt+m Pcbd539UYPRISXXO57GEWVMIvNdqZ++8MMwGFYA/xBiUsXBnQXmQ8cda87X33keO9282 QAqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vZ8sXgc4O5wGM0NeFKNvAvgtUFt05AlY27etdLwPk2Q=; b=KpvrrEkYczs4CsuD4PGlaB66E/Yx4ObqsguMVCgZEE+H7FN8pwhmcT3XpXmCynlfBk ItFkwFSAaQbCa3LCPi1MgyTJooCv3XyWYXA9UJ/QxVDgd6IqDb+yOCkbWQqsydHknnWW KMwdK/XrTjJoHcxg8ojL57qSl0yeG7YQQWNF8i6lM6/itV9N98iStXJuKkb5dy8vVfFw TpQ5MKIWr0z1cF6vq2yjkke5K5EZDMqG/Gfh1yVtr/loAvrbl/rJKi+iiX8Lmyq2Ry00 G4OY13NztB9qnqHJ5bVGd/EBXgbIC6abh+I20RF+ZKSJssk4dqRmPQdyWvaTYS/lJh9H 7QbQ== X-Gm-Message-State: AOAM530RSKivKJdx0MtJO19k3Fq4/K/KooykKG4Lnna2nJtFfY/AOepS ptiZEBX/U8LTu1ujGivDLExU5Q== X-Google-Smtp-Source: ABdhPJycHx3NV6xfOaylzcYOnFH7Ad981YfRgvOt73meNM8CdcaMXW/nM44A30Yt/V+OFsAxoNVvbA== X-Received: by 2002:a1c:acc3:: with SMTP id v186mr3269476wme.79.1594715586356; Tue, 14 Jul 2020 01:33:06 -0700 (PDT) Received: from localhost.localdomain ([2.31.163.61]) by smtp.gmail.com with ESMTPSA id u10sm3188209wml.29.2020.07.14.01.33.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jul 2020 01:33:05 -0700 (PDT) From: Lee Jones To: arnd@arndb.de, gregkh@linuxfoundation.org Subject: [PATCH 1/1] misc: c2port: core: Make copying name from userspace more secure Date: Tue, 14 Jul 2020 09:32:59 +0100 Message-Id: <20200714083259.1313267-1-lee.jones@linaro.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200714_043307_402297_3C09D0B7 X-CRM114-Status: GOOD ( 13.57 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:341 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Rodolfo Giometti , Geert Uytterhoeven , linux-kernel@vger.kernel.org, "Eurotech S.p.A" , Lee Jones , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Currently the 'c2dev' device data is not zeroed when its allocated. Coupled with the fact strncpy() *may not* provide a NUL terminator means that a 1-byte leak would be possible *if* this was ever copied to userspace. To prevent such a failing, let's first ensure the 'c2dev' device data area is fully zeroed out and ensure the buffer will always be NUL terminated by using the kernel's strscpy() which a) uses the destination (instead of the source) size as the bytes to copy and b) is *always* NUL terminated. Cc: Rodolfo Giometti Cc: "Eurotech S.p.A" Reported-by: Geert Uytterhoeven Signed-off-by: Lee Jones Acked-by: Arnd Bergmann --- drivers/misc/c2port/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c index 80d87e8a0bea9..0de538a1cc1c6 100644 --- a/drivers/misc/c2port/core.c +++ b/drivers/misc/c2port/core.c @@ -899,7 +899,7 @@ struct c2port_device *c2port_device_register(char *name, unlikely(!ops->c2d_get) || unlikely(!ops->c2d_set)) return ERR_PTR(-EINVAL); - c2dev = kmalloc(sizeof(struct c2port_device), GFP_KERNEL); + c2dev = kzalloc(sizeof(struct c2port_device), GFP_KERNEL); if (unlikely(!c2dev)) return ERR_PTR(-ENOMEM); @@ -923,7 +923,7 @@ struct c2port_device *c2port_device_register(char *name, } dev_set_drvdata(c2dev->dev, c2dev); - strncpy(c2dev->name, name, C2PORT_NAME_LEN - 1); + strscpy(c2dev->name, name, sizeof(c2dev->name)); c2dev->ops = ops; mutex_init(&c2dev->mutex);