Re: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy

From: Kees Cook
Date: Tue Aug 08 2023 - 20:00:16 EST


On Wed, Aug 09, 2023 at 01:38:55AM +0200, Florian Westphal wrote:
> Justin Stitt <justinstitt@xxxxxxxxxx> wrote:
> > Fixes several buffer overread bugs present in `ip_set_core.c` by using
> > `strscpy` over `strncpy`.
> >
> > Link: https://github.com/KSPP/linux/issues/90
> > Cc: linux-hardening@xxxxxxxxxxxxxxx
> > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx>
> >
> > ---
> > There exist several potential buffer overread bugs here. These bugs
> > exist due to the fact that the destination and source strings may have
> > the same length which is equal to the max length `IPSET_MAXNAMELEN`.
>
> There is no truncation. Inputs are checked via nla_policy:
>
> [IPSET_ATTR_SETNAME2] = { .type = NLA_NUL_STRING, .len = IPSET_MAXNAMELEN - 1 },

Ah, perfect. Yeah, so if it needs zero-padding, but it is always
NUL-terminated, strscpy_pad() is the right replacement. Thanks!

--
Kees Cook
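Added example, not code from the patch, from ipset or from the kernel: a userspace model of the three things the thread turns on, the nla_policy bound on the name length, the missing terminator that strncpy() leaves when the source is as long as the destination, and the terminate-and-zero-fill behaviour of strscpy_pad(). The value 32 for IPSET_MAXNAMELEN is assumed for illustration, model_strscpy_pad() is a stand-in reimplementation of the kernel function's documented semantics rather than the kernel's own code, and the two names are constructed inputs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed value for this example; the real constant is defined in the
 * kernel's uapi ipset header. */
#define IPSET_MAXNAMELEN 32

/* Constructed sample inputs: a name of IPSET_MAXNAMELEN - 1 characters
 * (the most the nla_policy admits) and one of exactly IPSET_MAXNAMELEN. */
static const char NAME_31[] = "0123456789012345678901234567890";
static const char NAME_32[] = "01234567890123456789012345678901";

/* Bounded length without relying on strnlen() being declared. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;

    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Userspace model of the kernel's strscpy_pad() semantics (not the kernel's
 * own code): copy at most size - 1 bytes, always NUL-terminate, zero-fill the
 * remainder of dst, return the length copied or -E2BIG on truncation. */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
    size_t len;

    if (size == 0)
        return -E2BIG;
    len = bounded_len(src, size);
    if (len == size) {
        /* src does not fit: keep size - 1 bytes and terminate */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len);
    memset(dst + len, 0, size - len);
    return (long)len;
}

/* Model of the nla_policy bound quoted in the thread:
 * .type = NLA_NUL_STRING, .len = IPSET_MAXNAMELEN - 1 */
static int name_len_ok(const char *src)
{
    return bounded_len(src, IPSET_MAXNAMELEN) <= IPSET_MAXNAMELEN - 1;
}

/* 1 if strncpy() into an IPSET_MAXNAMELEN buffer left a NUL terminator.
 * When strlen(src) >= IPSET_MAXNAMELEN it does not, which is the overread
 * the patch is concerned with. */
static int strncpy_leaves_terminator(const char *src)
{
    char dst[IPSET_MAXNAMELEN];

    strncpy(dst, src, IPSET_MAXNAMELEN);
    return memchr(dst, '\0', IPSET_MAXNAMELEN) != NULL;
}

/* Return value of the strscpy_pad model for src into a name buffer. */
static long strscpy_pad_result(const char *src)
{
    char dst[IPSET_MAXNAMELEN];

    return model_strscpy_pad(dst, src, IPSET_MAXNAMELEN);
}

/* 1 if, after the strscpy_pad model, dst is NUL-terminated and every byte
 * from the first NUL onward is zero. dst is pre-filled with 0xAA so the
 * padding has to come from the copy itself. */
static int strscpy_pad_terminated_and_padded(const char *src)
{
    char dst[IPSET_MAXNAMELEN];
    const char *nul;
    const char *p;

    memset(dst, 0xAA, sizeof(dst));
    model_strscpy_pad(dst, src, sizeof(dst));
    nul = memchr(dst, '\0', sizeof(dst));
    if (!nul)
        return 0;
    for (p = nul; p < dst + sizeof(dst); p++)
        if (*p != '\0')
            return 0;
    return 1;
}

int main(void)
{
    printf("31-char name: policy %s, strncpy terminated %d, strscpy_pad -> %ld\n",
           name_len_ok(NAME_31) ? "accepts" : "rejects",
           strncpy_leaves_terminator(NAME_31), strscpy_pad_result(NAME_31));
    printf("32-char name: policy %s, strncpy terminated %d, strscpy_pad -> %ld (-E2BIG is %d)\n",
           name_len_ok(NAME_32) ? "accepts" : "rejects",
           strncpy_leaves_terminator(NAME_32), strscpy_pad_result(NAME_32), -E2BIG);
    return 0;
}
```

The 32-character name is the case the commit message worries about: strncpy() fills the whole destination and leaves no terminator, while the model of strscpy_pad() truncates to 31 bytes, terminates, and reports -E2BIG. With the nla_policy rejecting anything longer than 31 characters, that truncation path is unreachable and the only behavioural difference between strncpy() and strscpy_pad() for admitted input is that both zero-fill, which is why the latter is the drop-in choice here.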