From patchwork Tue Aug 8 22:48:06 2023
X-Patchwork-Submitter: Justin Stitt
X-Patchwork-Id: 132959
Date: Tue, 08 Aug 2023 22:48:06 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-1-efbbe4ec60af@google.com>
Subject: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Fixes several buffer overread bugs present in `ip_set_core.c` by using
`strscpy` over `strncpy`.

Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt
---
There exist several potential buffer overread bugs here. These bugs exist
due to the fact that the destination and source strings may have the same
length which is equal to the max length `IPSET_MAXNAMELEN`.

Here's an example:
| #define MAXLEN 5
| char dest[MAXLEN];
| const char *src = "hello";
| strncpy(dest, src, MAXLEN); // -> should use strscpy()
| // dest is now not NUL-terminated

Note:
This patch means that truncation now happens silently (which is better
than a silent bug) but perhaps we should have some assertions that
fail when a truncation is imminent. Thoughts?
---
 net/netfilter/ipset/ip_set_core.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 0b68e2e2824e..fc77080d41a2 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c
@@ -872,7 +872,7 @@ ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name) BUG_ON(!set); read_lock_bh(&ip_set_ref_lock); - strncpy(name, set->name, IPSET_MAXNAMELEN); + strscpy(name, set->name, IPSET_MAXNAMELEN); read_unlock_bh(&ip_set_ref_lock); } EXPORT_SYMBOL_GPL(ip_set_name_byindex); @@ -1326,7 +1326,7 @@ static int ip_set_rename(struct sk_buff *skb, const struct nfnl_info *info, goto out; } } - strncpy(set->name, name2, IPSET_MAXNAMELEN); + strscpy(set->name, name2, IPSET_MAXNAMELEN); out: write_unlock_bh(&ip_set_ref_lock); 
@@ -1380,9 +1380,9 @@ static int ip_set_swap(struct sk_buff *skb, const struct nfnl_info *info, return -EBUSY; } - strncpy(from_name, from->name, IPSET_MAXNAMELEN); - strncpy(from->name, to->name, IPSET_MAXNAMELEN); - strncpy(to->name, from_name, IPSET_MAXNAMELEN); + strscpy(from_name, from->name, IPSET_MAXNAMELEN); + strscpy(from->name, to->name, IPSET_MAXNAMELEN); + strscpy(to->name, from_name, IPSET_MAXNAMELEN); swap(from->ref, to->ref); ip_set(inst, from_id) = to;
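Review bot: The return value of strscpy() is dropped in the ip_set_name_byindex() hunk (@@ -872), so a truncated name goes back to the caller with no signal. Since the notes ask about catching truncation, consider checking for a negative return here, for example `WARN_ON_ONCE(strscpy(name, set->name, IPSET_MAXNAMELEN) < 0);`. The destination only appears as `char *name`, so a comment stating that callers must supply at least IPSET_MAXNAMELEN bytes would document the assumption the bound relies on.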
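Review bot: The three copies in the ip_set_swap() hunk (@@ -1380) no longer zero-fill their destinations: strncpy() padded up to IPSET_MAXNAMELEN, while strscpy() stops after the terminator, so when `to->name` is shorter than the old `from->name` the tail of the old name stays in the buffer. If anything reads or compares these fields at their full width, use strscpy_pad() here and in the ip_set_rename() copy at @@ -1326; otherwise say in the commit message that the padding is not relied on.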
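Added example (not part of the patch or of the kernel sources): a userspace C model of the copy semantics discussed in the patch 1 notes, run on the same MAXLEN 5 / "hello" case, and going one step further to a reused 16-byte name slot. model_strscpy() and model_strscpy_pad() are stand-ins written for this example that follow the kernel helpers' documented behaviour; NAME_LEN and the slot contents are constructed sample values.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAXLEN   5   /* size used in the example in the patch notes */
#define NAME_LEN 16  /* constructed slot width for the reuse case */

enum copy_kind { COPY_STRNCPY, COPY_STRSCPY, COPY_STRSCPY_PAD };

/* Stand-in for strscpy(): always terminates when count > 0, returns the
 * number of characters copied, or -E2BIG if src did not fit. */
static ssize_t model_strscpy(char *dst, const char *src, size_t count)
{
	size_t i;

	if (count == 0)
		return -E2BIG;
	for (i = 0; i < count - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* Stand-in for strscpy_pad(): as above, then zero-fills the unused tail. */
static ssize_t model_strscpy_pad(char *dst, const char *src, size_t count)
{
	ssize_t n = model_strscpy(dst, src, count);

	if (n >= 0 && (size_t)n + 1 < count)
		memset(dst + n + 1, 0, count - (size_t)n - 1);
	return n;
}

static ssize_t copy_name(enum copy_kind kind, char *dst, const char *src,
			 size_t count)
{
	switch (kind) {
	case COPY_STRNCPY:
		strncpy(dst, src, count); /* libc: pads, may not terminate */
		return 0;
	case COPY_STRSCPY:
		return model_strscpy(dst, src, count);
	default:
		return model_strscpy_pad(dst, src, count);
	}
}

/* Count non-zero bytes that remain after the first NUL in buf. */
static size_t stale_bytes(const char *buf, size_t len)
{
	const char *nul = memchr(buf, '\0', len);
	size_t stale = 0;

	for (const char *p = nul ? nul + 1 : buf + len; p < buf + len; p++)
		stale += (*p != '\0');
	return stale;
}

/* The case from the patch notes: "hello" into a MAXLEN-byte buffer.
 * Returns 1 if dest contains a terminator; *ret gets the copy's result. */
static int hello_is_terminated(enum copy_kind kind, ssize_t *ret)
{
	char dest[MAXLEN];

	memset(dest, 'X', sizeof(dest));
	*ret = copy_name(kind, dest, "hello", sizeof(dest));
	return memchr(dest, '\0', sizeof(dest)) != NULL;
}

/* A slot that held a longer name is overwritten with a shorter one. */
static size_t stale_after_reuse(enum copy_kind kind)
{
	char slot[NAME_LEN] = "netbios-ns"; /* constructed previous contents */

	copy_name(kind, slot, "ftp", sizeof(slot));
	return stale_bytes(slot, sizeof(slot));
}

int main(void)
{
	static const char *const label[] = { "strncpy", "strscpy", "strscpy_pad" };

	for (int k = COPY_STRNCPY; k <= COPY_STRSCPY_PAD; k++) {
		ssize_t ret;
		int term = hello_is_terminated((enum copy_kind)k, &ret);

		printf("%-12s terminated=%d ret=%zd stale_after_reuse=%zu\n",
		       label[k], term, ret, stale_after_reuse((enum copy_kind)k));
	}
	return 0;
}
```

Only the padded variant gives both properties at once: termination with a truncation result, and the zero-filled tail that strncpy() used to leave behind.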
From patchwork Tue Aug 8 22:48:07 2023
X-Patchwork-Submitter: Justin Stitt
X-Patchwork-Id: 133005
Date: Tue, 08 Aug 2023 22:48:07 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-2-efbbe4ec60af@google.com>
Subject: [PATCH 2/7] netfilter: nf_tables: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Prefer `strscpy` over `strncpy`.

Signed-off-by: Justin Stitt
---
Note:
It is hard to tell if there was a bug here in the first place but it's
better to use a more robust and less ambiguous interface anyways.

`helper->name` has a size of 16 and the 3rd argument to `strncpy`
(NF_CT_HELPER_LEN) is also 16. This means that depending on where
`dest`'s offset is relative to `regs->data` which has a length of 20,
there may be a chance the dest buffer ends up non NUL-terminated. This
is probably fine though as the destination buffer in this case may be
fine being non NUL-terminated. If this is the case, we should probably
opt for `strtomem` instead of `strscpy`.
---
 net/netfilter/nft_ct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 38958e067aa8..10126559038b 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c 
@@ -108,7 +108,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr, helper = rcu_dereference(help->helper); if (helper == NULL) goto err; - strncpy((char *)dest, helper->name, NF_CT_HELPER_NAME_LEN); + strscpy((char *)dest, helper->name, NF_CT_HELPER_NAME_LEN); return; #ifdef CONFIG_NF_CONNTRACK_LABELS case NFT_CT_LABELS: {
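Review bot: strscpy() drops the zero-fill that strncpy() gave the NF_CT_HELPER_NAME_LEN bytes behind `(char *)dest` in this nft_ct_get_eval() hunk. The cast and the notes' reference to `regs->data` indicate that `dest` is register storage rather than a plain C string, so bytes left over from an earlier evaluation would remain after the terminator and would show up in any fixed-width compare or dump of the register. Use strscpy_pad() to keep both the termination and the padding, or state in the commit message why the tail bytes do not matter. The macro named in the code is NF_CT_HELPER_NAME_LEN, while the notes call it NF_CT_HELPER_LEN.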
From patchwork Tue Aug 8 22:48:08 2023
X-Patchwork-Submitter: Justin Stitt
X-Patchwork-Id: 132976
Date: Tue, 08 Aug 2023 22:48:08 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-3-efbbe4ec60af@google.com>
Subject: [PATCH 3/7] netfilter: nf_tables: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Prefer `strscpy` over `strncpy`.

Signed-off-by: Justin Stitt
---
Note:
`strscpy` is generally preferred to `strncpy` for use on NUL-terminated
destination strings. In this case, however, it is hard for me to tell if
the dest buffer wants to be NUL-terminated or not. If NUL-termination is
not needed behavior here, let's use `strtomem`.
---
 net/netfilter/nft_fib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c index 6e049fd48760..f1a3692f2dbd 100644 --- a/net/netfilter/nft_fib.c +++ b/net/netfilter/nft_fib.c
@@ -150,7 +150,7 @@ void nft_fib_store_result(void *reg, const struct nft_fib *priv, if (priv->flags & NFTA_FIB_F_PRESENT) *dreg = !!dev; else - strncpy(reg, dev ? dev->name : "", IFNAMSIZ); + strscpy(reg, dev ? dev->name : "", IFNAMSIZ); break; default: WARN_ON_ONCE(1);
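Review bot: With the `dev ? dev->name : ""` source in this nft_fib_store_result() hunk, the no-device case now writes a single NUL where strncpy() cleared all IFNAMSIZ bytes of `reg`; use strscpy_pad() if the register is expected to be fully initialised after this store. The strtomem() alternative raised in the notes would not fit as written, since it needs a destination whose size is known at compile time and `reg` is a `void *`.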
From patchwork Tue Aug 8 22:48:09 2023
X-Patchwork-Submitter: Justin Stitt
X-Patchwork-Id: 132965
Date: Tue, 08 Aug 2023 22:48:09 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-4-efbbe4ec60af@google.com>
Subject: [PATCH 4/7] netfilter: nft_meta: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Prefer `strscpy` to `strncpy` since it's more robust and less ambiguous.

Signed-off-by: Justin Stitt
---
Note:
I wasn't able to tell what the expected size of
`out->rtnl_link_ops->kind` is. If it is less than or equal to `IFNAMSIZ`
then there was no bug present and a bug present otherwise. Nonetheless,
let's swap over to strscpy.
---
 net/netfilter/nft_meta.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 8fdc7318c03c..de8ced05a273 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c
@@ -185,12 +185,12 @@ static noinline bool nft_meta_get_eval_kind(enum nft_meta_keys key, case NFT_META_IIFKIND: if (!in || !in->rtnl_link_ops) return false; - strncpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ); + strscpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ); break; case NFT_META_OIFKIND: if (!out || !out->rtnl_link_ops) return false; - strncpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ); + strscpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ); break; default: return false; 
@@ -206,7 +206,7 @@ static void nft_meta_store_ifindex(u32 *dest, const struct net_device *dev) static void nft_meta_store_ifname(u32 *dest, const struct net_device *dev) { - strncpy((char *)dest, dev ? dev->name : "", IFNAMSIZ); + strscpy((char *)dest, dev ? dev->name : "", IFNAMSIZ); } static bool nft_meta_store_iftype(u32 *dest, const struct net_device *dev)
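Review bot: In nft_meta_store_ifname(), and likewise for the two kind copies in nft_meta_get_eval_kind() in net/netfilter/nft_meta.c, replacing strncpy() with strscpy() drops the zero padding. strncpy() filled all IFNAMSIZ bytes of dest, while strscpy() stops after the first NUL, so in the `dev ? dev->name : ""` case with dev == NULL only one byte of the register is written. dest is a u32 * register, so anything that later reads or compares the full IFNAMSIZ bytes would see whatever was there before. strscpy_pad((char *)dest, ..., IFNAMSIZ) keeps the old padding and still guarantees termination. The open question in the note about the size of rtnl_link_ops->kind should also be answered in the commit message, since it decides whether this change fixes anything.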
Date: Tue, 08 Aug 2023 22:48:10 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-5-efbbe4ec60af@google.com>
Subject: [PATCH 5/7] netfilter: nft_osf: refactor deprecated strncpy to strscpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Use `strscpy` over `strncpy` for NUL-terminated strings.

We can also drop the + 1 from `NFT_OSF_MAXGENRELEN + 1` since `strscpy` will guarantee NUL-termination.

Signed-off-by: Justin Stitt

--- net/netfilter/nft_osf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c index 70820c66b591..4844e0109a58 100644 --- a/net/netfilter/nft_osf.c +++ b/net/netfilter/nft_osf.c @@ -23,7 +23,7 @@ static void nft_osf_eval(const struct nft_expr *expr, struct nft_regs *regs, struct nft_osf *priv = nft_expr_priv(expr); u32 *dest = ®s->data[priv->dreg]; struct sk_buff *skb = pkt->skb; - char os_match[NFT_OSF_MAXGENRELEN + 1]; + char os_match[NFT_OSF_MAXGENRELEN]; const struct tcphdr *tcp; struct nf_osf_data data; struct tcphdr _tcph; 
@@ -45,7 +45,7 @@ static void nft_osf_eval(const struct nft_expr *expr, struct nft_regs *regs, } if (!nf_osf_find(skb, nf_osf_fingers, priv->ttl, &data)) { - strncpy((char *)dest, "unknown", NFT_OSF_MAXGENRELEN); + strscpy((char *)dest, "unknown", NFT_OSF_MAXGENRELEN); } else { if (priv->flags & NFT_OSF_F_VERSION) snprintf(os_match, NFT_OSF_MAXGENRELEN, "%s:%s", 
@@ -53,7 +53,7 @@ static void nft_osf_eval(const struct nft_expr *expr, struct nft_regs *regs, else strscpy(os_match, data.genre, NFT_OSF_MAXGENRELEN); - strncpy((char *)dest, os_match, NFT_OSF_MAXGENRELEN); + strscpy((char *)dest, os_match, NFT_OSF_MAXGENRELEN); } }
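Review bot: Both copies into dest in nft_osf_eval() (the "unknown" literal and os_match) lose the zero fill that strncpy() applied to the remaining bytes up to NFT_OSF_MAXGENRELEN; with strscpy() the bytes after the terminator keep their previous contents. Since dest points into regs->data, please use strscpy_pad() for these two calls, or explain in the commit message why the register tail is guaranteed to be clean. Shrinking os_match to NFT_OSF_MAXGENRELEN looks consistent with the visible writers, since the snprintf() and the strscpy() into os_match both pass NFT_OSF_MAXGENRELEN as the bound.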
Date: Tue, 08 Aug 2023 22:48:11 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-6-efbbe4ec60af@google.com>
Subject: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Prefer `strscpy` to `strncpy` for use on NUL-terminated destination buffers.

This fixes a potential bug due to the fact that both `t->u.user.name` and `name` share the same size.

Signed-off-by: Justin Stitt
---
Here's an example of what happens when dest and src share same size:
| #define MAXLEN 5
| char dest[MAXLEN];
| const char *src = "hello";
| strncpy(dest, src, MAXLEN); // -> should use strscpy()
| // dest is now not NUL-terminated

--- net/netfilter/x_tables.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 470282cf3fae..714a38ec9055 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c 
@@ -768,7 +768,7 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, m->u.user.match_size = msize; strscpy(name, match->name, sizeof(name)); module_put(match->me); - strncpy(m->u.user.name, name, sizeof(m->u.user.name)); + strscpy(m->u.user.name, name, sizeof(m->u.user.name)); *size += off; *dstptr += msize; @@ -1148,7 +1148,7 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, t->u.user.target_size = tsize; strscpy(name, target->name, sizeof(name)); module_put(target->me); - strncpy(t->u.user.name, name, sizeof(t->u.user.name)); + strscpy(t->u.user.name, name, sizeof(t->u.user.name)); *size += off; *dstptr += tsize; 
@@ -2014,4 +2014,3 @@ static void __exit xt_fini(void) module_init(xt_init); module_exit(xt_fini); -
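Review bot: In xt_compat_match_from_user() and xt_compat_target_from_user(), name has just been filled by strscpy(name, match->name, sizeof(name)), so it is already NUL-terminated within its own size, and the commit message says both buffers share that size. From these lines the old strncpy() therefore always copied a terminator, so the "potential bug" wording should be double-checked. What does change is padding: strncpy() zeroed the rest of u.user.name and strscpy() does not, and this field sits in an entry written out through *dstptr. Unless the destination is cleared beforehand, strscpy_pad(m->u.user.name, name, sizeof(m->u.user.name)) is the safer replacement, and the same goes for t->u.user.name.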
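Review bot: The last hunk in net/netfilter/x_tables.c (@@ -2014,4 +2014,3 @@) only deletes the blank line after module_exit(xt_fini); and is unrelated to the strncpy refactor. Please drop it from this patch or mention the whitespace cleanup in the commit message.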
Date: Tue, 08 Aug 2023 22:48:12 +0000
In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com>
Message-ID: <20230808-net-netfilter-v1-7-efbbe4ec60af@google.com>
Subject: [PATCH 7/7] netfilter: xtables: refactor deprecated strncpy
From: Justin Stitt
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: linux-hardening@vger.kernel.org, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt

Prefer `strscpy` as it's a more robust interface.

There may have existed a bug here due to both `tbl->repl.name` and `info->name` having a size of 32 as defined below:
| #define XT_TABLE_MAXNAMELEN 32

This may lead to buffer overreads in some situations -- `strscpy` solves this by guaranteeing NUL-termination of the dest buffer.

Signed-off-by: Justin Stitt
---
Note: build tested only

--- net/netfilter/xt_repldata.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_repldata.h b/net/netfilter/xt_repldata.h index 68ccbe50bb1e..63869fd0ec57 100644 --- a/net/netfilter/xt_repldata.h +++ b/net/netfilter/xt_repldata.h @@ -29,7 +29,7 @@ if (tbl == NULL) \ return NULL; \ term = (struct type##_error *)&(((char *)tbl)[term_offset]); \ - strncpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \ + strscpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \ *term = (struct type##_error)typ2##_ERROR_INIT; \ tbl->repl.valid_hooks = hook_mask; \ tbl->repl.num_entries = nhooks + 1; \
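Review bot: In the xt_repldata.h macro, the return value of strscpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)) is ignored, so if info->name ever filled all 32 bytes the table name would now be silently cut by one character instead of being copied unterminated. Consider checking for a negative return (-E2BIG) and failing on it, or state in the commit message that info->name is always a terminated string shorter than XT_TABLE_MAXNAMELEN. Since this is marked build tested only, it is also worth confirming how tbl is allocated: if it is not zeroed, strscpy_pad() would preserve the padding that strncpy() provided.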
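The copy semantics the commit messages in this series rely on, as an added userspace example that is not part of the patches or the kernel source. model_strscpy() and model_strscpy_pad() are simplified stand-ins written for this illustration (hypothetical names), and the 'X' filler and buffer sizes are constructed values.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define STALE 'X'   /* constructed filler standing in for old buffer contents */

enum copy_kind { COPY_STRNCPY, COPY_STRSCPY, COPY_STRSCPY_PAD };

struct copy_result {
    int terminated;   /* 1 if a NUL lies inside the first `size` bytes */
    size_t stale;     /* filler bytes still present after that NUL */
    long ret;         /* model return value (left at 0 for strncpy) */
};

/* Simplified model of the strscpy() contract, not the kernel source:
 * copy at most size - 1 bytes, always terminate, return the length
 * copied or -E2BIG if src was truncated. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -E2BIG;
}

/* Model of strscpy_pad(): same result, plus zero fill of the tail. */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
    long n = model_strscpy(dst, src, size);
    size_t used = n < 0 ? size : (size_t)n + 1;

    if (used < size)
        memset(dst + used, 0, size - used);
    return n;
}

/* Copy src into a buffer of `size` bytes pre-filled with STALE and
 * report what a consumer reading all `size` bytes would see. */
static struct copy_result run_copy(enum copy_kind kind, const char *src,
                                   size_t size)
{
    char buf[64];
    struct copy_result r = { 0, 0, 0 };
    const char *nul;
    size_t i;

    if (size > sizeof(buf))
        size = sizeof(buf);
    memset(buf, STALE, sizeof(buf));
    if (kind == COPY_STRNCPY)
        strncpy(buf, src, size);
    else if (kind == COPY_STRSCPY)
        r.ret = model_strscpy(buf, src, size);
    else
        r.ret = model_strscpy_pad(buf, src, size);

    nul = memchr(buf, '\0', size);
    r.terminated = nul != NULL;
    for (i = nul ? (size_t)(nul - buf) + 1 : size; i < size; i++)
        r.stale += buf[i] == STALE;
    return r;
}

int main(void)
{
    struct copy_result r = run_copy(COPY_STRNCPY, "hello", 5);
    printf("strncpy     hello/5: terminated=%d\n", r.terminated);
    r = run_copy(COPY_STRSCPY, "hello", 5);
    printf("strscpy     hello/5: terminated=%d ret=%ld\n", r.terminated, r.ret);
    r = run_copy(COPY_STRSCPY, "", 16);
    printf("strscpy     empty/16: stale=%zu\n", r.stale);
    r = run_copy(COPY_STRSCPY_PAD, "", 16);
    printf("strscpy_pad empty/16: stale=%zu\n", r.stale);
    return 0;
}
```

The "hello"/5 case is the one from the patch 6 note; the empty-string case shows why a consumer that reads the whole destination cares about padding as well as termination.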