From patchwork Sun Dec 2 04:06:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Qian Cai X-Patchwork-Id: 1006444 X-Patchwork-Delegate: kadlec@blackhole.kfki.hu Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=gmx.us Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 436vhW68Znz9sBn for ; Sun, 2 Dec 2018 15:06:51 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725306AbeLBEGv (ORCPT ); Sat, 1 Dec 2018 23:06:51 -0500 Received: from mout.gmx.net ([212.227.17.20]:58609 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725294AbeLBEGv (ORCPT ); Sat, 1 Dec 2018 23:06:51 -0500 Received: from ovpn-120-135.rdu2.redhat.com ([98.118.28.103]) by mail.gmx.com (mrgmx101 [212.227.17.174]) with ESMTPSA (Nemesis) id 0Mc9U3-1gl77u3cql-00JZIG; Sun, 02 Dec 2018 05:06:34 +0100 From: Qian Cai To: kadlec@blackhole.kfki.hu, pablo@netfilter.org, fw@strlen.de Cc: trivial@kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Qian Cai Subject: [PATCH v3] netfilter/ipset: replace a strncpy() with strscpy() Date: Sat, 1 Dec 2018 23:06:01 -0500 Message-Id: <20181202040601.8432-1-cai@gmx.us> X-Mailer: git-send-email 2.17.2 (Apple Git-113) X-Provags-ID: V03:K1:EUPh52p/anMe+8o3ZxVrlQalgJCIRl6Mwv0h08phxMfojzIMjIz KMIwEiOMS/r/k2Zv2g4iVJFB3AXNfgFKWBCYC7rqaP3NkvNntuYmf9eYcpD/MPGOILyplVl LPBRUX/VKJio1sg6Zu12yU+kWrwIUzXo8FQ54KxO6BK42HLgVdtFUaUpgKUPVNAahjgF44/ T4khGkiP+SZvLkZoDBlQQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:aXBeE9PuE10=:Qhj4ToU96zfpcplgbCltiK aS42gJCZsHmo9VtFMpGXoxAaSRyiip+mjy04hokkULG8EHltd2unSo5yduF2QAAyX/7D8SCgY mQ7gJ76r3bxybP0WLjFI1sQxC6JPqRwzMUjwDX7f0+frPITiup3ieyR2KG0cq9L/CY72K+vXL lerOZ7+LsZaVM3vU6ID7AjGXTm1o5xGw0KZpwJ8tHMkb2gAH2kXlZ8lbsfIar9/Wls+4TkWFm NzAKnh02ROe0lqgp0LV6K8GLhkdGnCaIzbIivz23jmdKfEAMyIIK6pH5vV0aFRc2xYN1jXBIR vv21rgc2/qFCZ7SyXYRuXdvrxPU9D7X7nBLH82LeGcUh4HlufQa7IaziN/VJWRLS/8jAuKdkv 2nuROdog3nqb8vY3qtnhf6SpOSiSOEVAXaYXipf4Kbzndx/S5PhTexawemP6nEaB9LmosqUMJ zJtJWTBYma4kpmZgI9zyxeKgj0rKos0mDsS38R0Dek4qafqMp4+wyW3EtYy72SS9vFMooGGEu QFnrScjCu6F7JXa2RG0OVGQvSZwpJfx1L3VmRcHrEOiQQcXI1yCqRwlXl7vPD4k7oTCm+KOex OdBH1vLSmxT5SChHagpXXGaSHLqbQtF17bAhMeDx68qeI2FCtCwPVsJwT11LEQs4gUJn8cHqk /3z/UzuPMRdoRzOyHM9LS6e7oaKX+W3e2rO3o0ZiCThBayQD7S+JFNy8Yfn0RkbvYrdV4gJf0 ZSAbwaXgZUmuVIh2UtzmxQUMD6LLMzzaLtF8JQ71lJ9YJQNa9OCLmJMrqk79NL34bLxURqIuU uCxmdcXQmS29hU/LRUPaBWp+uu7kQcFEj7DKejfiF9Mit5HiVAtLjgmCi+1hk3UawEWfGVL/O B8L4wpLZpA9F1kUbb/4CCB0UUxm47BX8bfoXPrtEI= Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org To make overflows as obvious as possible and to prevent code from blithely proceeding with a truncated string. This also has a side-effect to fix a compilation warning when using GCC 8.2.1. net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get': net/netfilter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32 bytes into a region of size 2 overflows the destination [-Wstringop-overflow=] Signed-off-by: Qian Cai --- Changelog: * v2: - Released the lock for the error-path as well. * v1: - Checked the return value. net/netfilter/ipset/ip_set_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 1577f2f76060..33929fb645b6 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -2024,9 +2024,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) } nfnl_lock(NFNL_SUBSYS_IPSET); set = ip_set(inst, req_get->set.index); - strncpy(req_get->set.name, set ? set->name : "", - IPSET_MAXNAMELEN); + ret = strscpy(req_get->set.name, set ? set->name : "", + IPSET_MAXNAMELEN); nfnl_unlock(NFNL_SUBSYS_IPSET); + if (ret == -E2BIG) + goto done; goto copy; } default: