From patchwork Tue Aug 8 22:48:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Justin Stitt X-Patchwork-Id: 132960 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2450781vqr; Tue, 8 Aug 2023 16:16:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH8HEp9r7EPyuMl6VhiP2qEwyLfCbr4ZT3KP6m1363NKE59r6VKmqj56GdKwQg++8VbZsR5 X-Received: by 2002:a17:906:2012:b0:99c:6c29:7871 with SMTP id 18-20020a170906201200b0099c6c297871mr712410ejo.65.1691536576002; Tue, 08 Aug 2023 16:16:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691536575; cv=none; d=google.com; s=arc-20160816; b=0P30Yw6COGJRUgX5lbR7hRECksDzRVItIjBQihtlX/mWnPczYhV41jZBH2fPKqy/Fx h+SNja+1bv54pDgjiNBjj3o4pjWDQcnuzcAfUKVp7Ptf0htqorjxU/7blZsye8FXtAjp dooGkFdfG49zhflwcFK6gA5mWUebzH8Ju/rU2DuN7Emz7qaqjjXq3Zz1MEAvc0XwGE1j MW4L2g2fwQeT2X9oIgDc7PNx9axk8RL+SaDinlSdCIliA6fAvTSC9fFYW69hb1ryHVTo GWWPn5YJP7OchC4Zl454oDJjw2s/PLAQDuHrS6hDlgG7bjrXIETNwzj90yycpVCdL6Qw N+lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=Pvwje1x+fgK9E9IR7qsfn31Dc5XiXldAZ1Fo1xHQpAo=; fh=XKPrIMXRcymmuVm42EqALpL6e4c/4tr+JJaDiplPt4I=; b=Xc7VhMTrvAaN4p3UWqO+OkLeafBLiHeufEocAFWpWP3qySrJkizubxtFpbSJB/xPYl uIcLLK68sQ1IEMz3gQew9XAhbtnA88yBA07rGU5tONtlJAuw98w7IEfJSHomButSCJjU BB+TIqGTqQg66cF3K5g5wK2fAWtfaHRQkRPCEzPjRSjCI9aP/hswG/5hnA/1n2WMA/va UDK2ZfIX2TFtX5JbUEHZeaYjKHtu4SCKRyQvt0nO0OSEba4t7pXzRDoAeFdvyehsv9Dd s6KR0V+cVdqkbU7q83eJ/cS9ULtPfMFmfoHSjxiAi1U4S+HRIaI1JY/VMILTjHthUcsK 1i2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=ZowPnFVA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y13-20020a170906448d00b0099bd7b268easi2801436ejo.121.2023.08.08.16.15.51; Tue, 08 Aug 2023 16:16:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=ZowPnFVA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231764AbjHHWsw (ORCPT + 99 others); Tue, 8 Aug 2023 18:48:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231534AbjHHWsl (ORCPT ); Tue, 8 Aug 2023 18:48:41 -0400 Received: from mail-oa1-x49.google.com (mail-oa1-x49.google.com [IPv6:2001:4860:4864:20::49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 948F1129 for ; Tue, 8 Aug 2023 15:48:40 -0700 (PDT) Received: by mail-oa1-x49.google.com with SMTP id 586e51a60fabf-1bf00c27c39so10387690fac.2 for ; Tue, 08 Aug 2023 15:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534920; x=1692139720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Pvwje1x+fgK9E9IR7qsfn31Dc5XiXldAZ1Fo1xHQpAo=; b=ZowPnFVAEOQu1o/+XzT8fcaX6DHlVccwrE7gGNHkAx3YDdV+D3o7fUpYyj/vi1Ct5Q +QYJDWnAhftWiK8EgTciXmjxfJNfL1DHfcE3o+XOVVHbUUBr2oc33L84fXDKdg0spibe GZ5bqdG9qrHx/UtSzbaBTMqp6lQxfoXnPa2UM0vLrI7Zb2YiefFjL0pSu/+rNaKy1wlN XhfOQJjCKLo/y7i/PPyKhKK6HKjXtVSpBWc22UEpkQAx89z/FVCmSvgnGCxbk5FjWRbD QKj317GKJBKiDYTXPzGM5v1TxwYmVWI7QXAAaldoX9Tx9r5cTrpz+UfvZC+saxnSr//L 67Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534920; x=1692139720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Pvwje1x+fgK9E9IR7qsfn31Dc5XiXldAZ1Fo1xHQpAo=; b=d0MEXhZKswMYt5S7gGd9B5+otvxvpdcwmUUVPWDgBbByboLkj5ViNiS0VVuwvLMG3P LRsgXgkOU7qtbss8CgCVhJKMkaAwqnwZA3JVoc2y2EBDSs81mAoF3GB6E028NPIpNlYu 9MKRnwVWpOVNqeXtPyKlLDgVWebxgFm6U/AlR1ZHHKQT2XdsPYNmdFp6tar3Q8V5mP1T yzUkboTYLFdY3g+haDAsYog4MOyO7dNojKzYJsVR4InSmOhqk0NVWYbsVmxCKHRh4Duz khTTT+VODN4/qQEHPwSY3vUx+GHT8iaO4Bb97//XHlY7pyLVr7wNLYFqZEhpyNXT6H8J qnTA== X-Gm-Message-State: AOJu0Yz0zu7NuhF6KhYok2iqW7gqhEjaeAM/fb6y/JKPIrcWAjMgIaqo zuPDA2PdbYviInMAjgzLY60ZLQCLwRnyi5BS5w== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a05:6870:5b03:b0:1bf:a06f:ce6f with SMTP id ds3-20020a0568705b0300b001bfa06fce6fmr315997oab.9.1691534919982; Tue, 08 Aug 2023 15:48:39 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:11 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1616; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=epcsNlzjLL3K9DAOvrsRp37/1eZVu8TeiuJpMs34l/Q=; b=L1P2cQc3z99LSWR/qio44oxncmlWLIBSvxY6HOu5W2BRo4B41BhDGwuAbcow63n2hPhRjceUI 9E5bGIoGP2nDYAORkqUToKLoCEdCN/nRopReeZhHhL/7pSX4tiOQrrn X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-6-efbbe4ec60af@google.com> Subject: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773704656363515450 X-GMAIL-MSGID: 1773704656363515450 Prefer `strscpy` to `strncpy` for use on NUL-terminated destination buffers. This fixes a potential bug due to the fact that both `t->u.user.name` and `name` share the same size. Signed-off-by: Justin Stitt --- Here's an example of what happens when dest and src share same size: | #define MAXLEN 5 | char dest[MAXLEN]; | const char *src = "hello"; | strncpy(dest, src, MAXLEN); // -> should use strscpy() | // dest is now not NUL-terminated --- net/netfilter/x_tables.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 470282cf3fae..714a38ec9055 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -768,7 +768,7 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, m->u.user.match_size = msize; strscpy(name, match->name, sizeof(name)); module_put(match->me); - strncpy(m->u.user.name, name, sizeof(m->u.user.name)); + strscpy(m->u.user.name, name, sizeof(m->u.user.name)); *size += off; *dstptr += msize; @@ -1148,7 +1148,7 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, t->u.user.target_size = tsize; strscpy(name, target->name, sizeof(name)); module_put(target->me); - strncpy(t->u.user.name, name, sizeof(t->u.user.name)); + strscpy(t->u.user.name, name, sizeof(t->u.user.name)); *size += off; *dstptr += tsize; @@ -2014,4 +2014,3 @@ static void __exit xt_fini(void) module_init(xt_init); module_exit(xt_fini); -