| Message ID | 20220216202548.2093883-1-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | f4e335f34519ba8e1271f779a7bc7db168e4488d |
| Headers | show |
| Series | lkdtm/fortify: Swap memcpy() for strncpy() | expand |
On 2/17/22 1:25 AM, Kees Cook wrote: > The memcpy() runtime defenses are still not landed, so test with > strncpy() for now. > > Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com> > Cc: Arnd Bergmann <arnd@arndb.de> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c index d06458a4858e..ab33bb5e2e7a 100644 --- a/drivers/misc/lkdtm/fortify.c +++ b/drivers/misc/lkdtm/fortify.c @@ -44,14 +44,14 @@ void lkdtm_FORTIFIED_SUBOBJECT(void) strscpy(src, "over ten bytes", size); size = strlen(src) + 1; - pr_info("trying to strcpy past the end of a member of a struct\n"); + pr_info("trying to strncpy past the end of a member of a struct\n"); /* - * memcpy(target.a, src, 20); will hit a compile error because the + * strncpy(target.a, src, 20); will hit a compile error because the * compiler knows at build time that target.a < 20 bytes. Use a * volatile to force a runtime error. */ - memcpy(target.a, src, size); + strncpy(target.a, src, size); /* Store result to global to prevent the code from being eliminated */ fortify_scratch_space = target.a[3];
The memcpy() runtime defenses are still not landed, so test with strncpy() for now. Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/misc/lkdtm/fortify.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)