Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Jul 2019 10:58:15 -0700
From: Joe Perches <joe@...ches.com>
To: Kees Cook <keescook@...omium.org>
Cc: Nitin Gote <nitin.r.gote@...el.com>, akpm@...ux-foundation.org, 
	corbet@....net, apw@...onical.com, linux-doc@...r.kernel.org, 
	linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Rasmus
	Villemoes <rasmus.villemoes@...vas.dk>
Subject: Re: [RFC PATCH] string.h: Add stracpy/stracpy_pad (was: Re: [PATCH]
 checkpatch: Added warnings in favor of strscpy().)

On Mon, 2019-07-22 at 10:43 -0700, Joe Perches wrote:
> On Mon, 2019-07-22 at 10:33 -0700, Kees Cook wrote:
> > On Thu, Jul 04, 2019 at 05:15:57PM -0700, Joe Perches wrote:
> > > On Thu, 2019-07-04 at 13:46 -0700, Joe Perches wrote:
> > > > On Thu, 2019-07-04 at 11:24 +0530, Nitin Gote wrote:
> > > > > Added warnings in checkpatch.pl script to :
> > > > > 
> > > > > 1. Deprecate strcpy() in favor of strscpy().
> > > > > 2. Deprecate strlcpy() in favor of strscpy().
> > > > > 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad().
> > > > > 
> > > > > Updated strncpy() section in Documentation/process/deprecated.rst
> > > > > to cover strscpy_pad() case.
> > > 
> > > []
> > > 
> > > I sent a patch series for some strscpy/strlcpy misuses.
> > > 
> > > How about adding a macro helper to avoid the misuses like:
> > > ---
> > >  include/linux/string.h | 16 ++++++++++++++++
> > >  1 file changed, 16 insertions(+)
> > > 
> > > diff --git a/include/linux/string.h b/include/linux/string.h
> > > index 4deb11f7976b..ef01bd6f19df 100644
> > > --- a/include/linux/string.h
> > > +++ b/include/linux/string.h
> > > @@ -35,6 +35,22 @@ ssize_t strscpy(char *, const char *, size_t);
> > >  /* Wraps calls to strscpy()/memset(), no arch specific code required */
> > >  ssize_t strscpy_pad(char *dest, const char *src, size_t count);
> > >  
> > > +#define stracpy(to, from)					\
> > > +({								\
> > > +	size_t size = ARRAY_SIZE(to);				\
> > > +	BUILD_BUG_ON(!__same_type(typeof(*to), char));		\
> > > +								\
> > > +	strscpy(to, from, size);				\
> > > +})
> > > +
> > > +#define stracpy_pad(to, from)					\
> > > +({								\
> > > +	size_t size = ARRAY_SIZE(to);				\
> > > +	BUILD_BUG_ON(!__same_type(typeof(*to), char));		\
> > > +								\
> > > +	strscpy_pad(to, from, size);				\
> > > +})
> > > +
> > >  #ifndef __HAVE_ARCH_STRCAT
> > >  extern char * strcat(char *, const char *);
> > >  #endif
> > 
> > This seems like a reasonable addition, yes. I think Coccinelle might
> > actually be able to find all the existing strscpy(dst, src, sizeof(dst))
> > cases to jump-start this conversion.
> 
> I did that.  It works.  It's a lot of conversions.
> 
> $ cat str.cpy.cocci
> @@
> expression e1;
> expression e2;
> @@
> 
> - strscpy(e1, e2, sizeof(e1))
> + stracpy(e1, e2)
> 
> @@
> expression e1;
> expression e2;
> @@
> 
> - strlcpy(e1, e2, sizeof(e1))
> + stracpy(e1, e2)
> 
> > Devil's advocate: this adds yet more string handling functions... will
> > this cause even more confusion?
> 
> Documentation is good.
> Actual in-kernel use and examples better.

btw: I just ran this again and it produces:

$ spatch --in-place -sp-file str.cpy.cocci .
$ git checkout tools/
$ git diff --shortstat
 958 files changed, 2179 insertions(+), 2655 deletions(-)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.