[PATCH] tracing/uprobe: Replace strlcpy() with strscpy()

From: Kees Cook
Date: Thu Nov 30 2023 - 15:56:13 EST

Next message: Tony Luck: "Re: [PATCH v12 7/8] x86/resctrl: Sub NUMA Cluster detection and enable"
Previous message: Gustavo A. R. Silva: "[PATCH][next] init: Kconfig: Disable -Wstringop-overflow for GCC-11"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

strlcpy() reads the entire source buffer first. This read may exceed
the destination size limit. This is both inefficient and can lead
to linear read overflows if a source string is not NUL-terminated[1].
Additionally, it returns the size of the source string, not the
resulting size of the destination string. In an effort to remove strlcpy()
completely[2], replace strlcpy() here with strscpy().

The negative return value is already handled by this code so no new
handling is needed here.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
Link: https://github.com/KSPP/linux/issues/89 [2]
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Cc: linux-trace-kernel@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
kernel/trace/trace_uprobe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
index 99c051de412a..a84b85d8aac1 100644
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -151,7 +151,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
return -ENOMEM;

if (addr == FETCH_TOKEN_COMM)
- ret = strlcpy(dst, current->comm, maxlen);
+ ret = strscpy(dst, current->comm, maxlen);
else
ret = strncpy_from_user(dst, src, maxlen);
if (ret >= 0) {
--
2.34.1

Next message: Tony Luck: "Re: [PATCH v12 7/8] x86/resctrl: Sub NUMA Cluster detection and enable"
Previous message: Gustavo A. R. Silva: "[PATCH][next] init: Kconfig: Disable -Wstringop-overflow for GCC-11"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]