Re: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy

From: Florian Westphal
Date: Tue Aug 08 2023 - 19:57:37 EST

Next message: Kees Cook: "Re: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy"
Previous message: Sean Christopherson: "Re: [RFC PATCH 3/3] KVM: x86/mmu: skip zap maybe-dma-pinned pages for NUMA migration"
In reply to: Justin Stitt: "[PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy"
Next in thread: Kees Cook: "Re: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Justin Stitt <justinstitt@xxxxxxxxxx> wrote:
> Prefer `strscpy` to `strncpy` for use on NUL-terminated destination
> buffers.
>
> This fixes a potential bug due to the fact that both `t->u.user.name`
> and `name` share the same size.

This replacement seems fine.

> Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx>
>
> ---
> Here's an example of what happens when dest and src share same size:
> | #define MAXLEN 5
> | char dest[MAXLEN];
> | const char *src = "hello";
> | strncpy(dest, src, MAXLEN); // -> should use strscpy()
> | // dest is now not NUL-terminated

This can't happen here, the source string is coming from the kernel
(xt target and matchinfo struct).

But, even if it would it should be fine, this function prepares
the translated 64bit blob which gets passed to translate_table(),
and that function has to check for '\0' presence.

Normally it handles the native (non-compat) data originating from
userspace, so m-->user.name can not be assumed to contain a \0.

Next message: Kees Cook: "Re: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy"
Previous message: Sean Christopherson: "Re: [RFC PATCH 3/3] KVM: x86/mmu: skip zap maybe-dma-pinned pages for NUMA migration"
In reply to: Justin Stitt: "[PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy"
Next in thread: Kees Cook: "Re: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]