aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-crypto/libkcapi/files/0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch
blob: f35f631c6010431d3dfa20d90794376389a25490 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From 303c766d67cef5c357e9b3d3a97f7b480d29e1cb Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:16 +0200
Subject: [PATCH 1/3] Fix possible buffer overflow with strncpy and
 -Wstringop-truncation warning

If valid cipher name (to which netlink socket was bound) is longer than
CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
try to copy length of this cipher name into smaller buffer.

In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
defines it as 128.

It is error-prone to use source buffer length as limit of dst buffer.
Instead choose sizeof(dst buffer).

This also fixes the warning with GCC v8.1.0:

    lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
    lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
        strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Upstream-Status: Submitted
---
 lib/kcapi-kernel-if.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 2481f8abde63..807cbfe219cd 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
 
 	if (drivername)
 		strncpy(req.cru.cru_driver_name, ciphername,
-			strlen(ciphername));
+			sizeof(req.cru.cru_driver_name) - 1);
 	else
-		strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
+		strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
 
 	/* talk to netlink socket */
 	sd =  socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);
-- 
2.7.4