diff mbox series

strscpy: reject buffer sizes larger than INT_MAX

Message ID 201907260928.23DE35406@keescook (mailing list archive)
State New, archived
Headers show
Series strscpy: reject buffer sizes larger than INT_MAX | expand

Commit Message

Kees Cook July 26, 2019, 4:31 p.m. UTC 
As already done for snprintf(), add a check in strscpy() for giant
(i.e. likely negative and/or miscalculated) copy sizes, WARN, and
error out.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 lib/string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/lib/string.c b/lib/string.c
index 461fb620f85f..913cb945a82a 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -182,7 +182,7 @@  ssize_t strscpy(char *dest, const char *src, size_t count)
 	size_t max = count;
 	long res = 0;
 
-	if (count == 0)
+	if (count == 0 || WARN_ON_ONCE(count > INT_MAX))
 		return -E2BIG;
 
 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS