replace incorrect strscpy use in FORTIFY_SOURCE
authorDaniel Micay <danielmicay@gmail.com>
Fri, 14 Jul 2017 21:28:12 +0000 (17:28 -0400)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sat, 15 Jul 2017 04:56:31 +0000 (21:56 -0700)
commit077d2ba519b2e8bf1abd80cbade699b1de42cafe
tree775557160909897bc6b43de02e5df039cebd9904
parent01ea9177351883f65e696e545820605474adb307
replace incorrect strscpy use in FORTIFY_SOURCE

Using strscpy was wrong because FORTIFY_SOURCE is passing the maximum
possible size of the outermost object, but strscpy defines the count
parameter as the exact buffer size, so this could copy past the end of
the source.  This would still be wrong with the planned usage of
__builtin_object_size(p, 1) for intra-object overflow checks since it's
the maximum possible size of the specified object with no guarantee of
it being that large.

Reuse of the fortified functions like this currently makes the runtime
error reporting less precise but that can be improved later on.

Noticed by Dave Jones and KASAN.

Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/string.h