Re: [PATCH] r8152: Avoid memcpy() over-reading of ETH_SS_STATS
From: Andrew Lunn
Date: Wed Jun 16 2021 - 16:03:00 EST
On Wed, Jun 16, 2021 at 12:53:03PM -0700, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally reading across neighboring array fields.
>
> The memcpy() is copying the entire structure, not just the first array.
> Adjust the source argument so the compiler can do appropriate bounds
> checking.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> drivers/net/usb/r8152.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
> index 85039e17f4cd..5f08720bf1c9 100644
> --- a/drivers/net/usb/r8152.c
> +++ b/drivers/net/usb/r8152.c
> @@ -8678,7 +8678,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data)
> {
> switch (stringset) {
> case ETH_SS_STATS:
> - memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings));
> + memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings));
> break;
Is this correct? The call is supposed to return all the statistic
strings, which would be the entire structure.
Andrew