From patchwork Mon Jul 31 10:09:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 795668 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3xLZvN6Dx8z9s4q for ; Mon, 31 Jul 2017 20:10:08 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751918AbdGaKJw (ORCPT ); Mon, 31 Jul 2017 06:09:52 -0400 Received: from mout.kundenserver.de ([217.72.192.75]:65109 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751271AbdGaKJv (ORCPT ); Mon, 31 Jul 2017 06:09:51 -0400 Received: from wuerfel.lan ([78.43.238.10]) by mrelayeu.kundenserver.de (mreue104 [212.227.15.145]) with ESMTPA (Nemesis) id 0MYNUn-1d7AUx1Mbh-00VAfH; Mon, 31 Jul 2017 12:09:18 +0200 From: Arnd Bergmann To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" Cc: Arnd Bergmann , Johannes Berg , Alexey Dobriyan , Aaron Conole , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] netfilter: fix stringop-overflow warning with UBSAN Date: Mon, 31 Jul 2017 12:09:03 +0200 Message-Id: <20170731100913.465530-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:vX7DEeNq3S8QMSYQwq/TcomwFsYDr5ErxdkcC2qCCyM7cye/GGt dWjhJ59gZ4wrxpvXPMYE/5J/2w2AnnaWDvWA+i4Z47kwO0OJh3GT8Ky55KQDLpRHz4tzRsJ lbqLOHZeQeHNZrDFPZrtoByX70/MwVvjugRrDkGSwRr5KaKi3XA41yRvhP8inkVxpfc1Axl cAAq/xDCTXA5bO+OM+QPg== X-UI-Out-Filterresults: notjunk:1; V01:K0:S5xzQ2+qaUY=:sUs7VrIdP+R0089PH2ADZF QF+0tdH9wZLULp22XBuDa85rZKS0onCx1+SRhIbM5MZUAqryBSsv1Fo+mBfRKEj41/xzuzZ8h ycnZa80nV1EoWHB7cOSG5DK619NBkitLD1rWgXJuT9MexecnhQF4bBp/0Qp9d9TA+yGHGH2IN GuKfAVmCDG+ev2c9TOqCGXaa3E2BpMFq6daEiwDRO6yg/t4h0rpazydx6JOtMkjYJR8S+vGRx 0p4S5t3xzLGJhojOWEEdrb1GnLNZP9L/bKPbmhmVkunehZuHjyPsjChqsuZI/6QE4YgRDlD/I uoxhRK4+NkcyF9xdkJRsAVMN9XkvCEbx7tCwY+UkTwAmaoDkBN8l1P9qUjLstxx4wOqGQUQTD CI683jpzk15q4JXxNkxG5h03OlFP50P/+9XXolKgOJy1O8Y+8fyToFp1ls3QGlkYXrYBahEiv Sijsn4fOPgWK/0Qw4jSfYP1ttijeZecb1ECi1URA/pXf8Z+QJw6ZisKGw5jZJQV2wRlUX2Jg5 woKm5v5qexZDaDa00wO3TXjpAkZYUjhVGnB8nqX3hUepaO+BDUNiZ295+jVZQodast5BOk5m6 YIaVqlbLR3YuX8/GEy9V+UasYaKUUGthhB59pjJ7XtHqinA4zdrKo1uMdr4bdXpVwoc1fyO+I fvnL8uL/vNAp3z4ZZteeF31c+YdVBmmSPbUmmssxqDF25eK/+XURIAE6gEcVlfCeB5XfpVGGg FmK3IDKkycpSeKiL9d377a2sYfA3BP85IgHtNA== Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Using gcc-7 with UBSAN enabled, we get this false-positive warning: net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get': net/netfilter/ipset/ip_set_core.c:1998:3: error: 'strncpy' writing 32 bytes into a region of size 2 overflows the destination [-Werror=stringop-overflow=] strncpy(req_get->set.name, set ? set->name : "", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(req_get->set.name)); ~~~~~~~~~~~~~~~~~~~~~~~~~~ This seems completely bogus, and I could not find a nice workaround. To work around it in a less elegant way, I change the ?: operator into an if()/else() construct. Signed-off-by: Arnd Bergmann --- net/netfilter/ipset/ip_set_core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index e495b5e484b1..d7ebb021003b 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1995,8 +1995,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) } nfnl_lock(NFNL_SUBSYS_IPSET); set = ip_set(inst, req_get->set.index); - strncpy(req_get->set.name, set ? set->name : "", - IPSET_MAXNAMELEN); + if (set) + strncpy(req_get->set.name, set->name, + sizeof(req_get->set.name)); + else + memset(req_get->set.name, '\0', + sizeof(req_get->set.name)); nfnl_unlock(NFNL_SUBSYS_IPSET); goto copy; }