From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A17CC04FE1 for ; Tue, 8 Aug 2023 22:48:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231445AbjHHWsj (ORCPT ); Tue, 8 Aug 2023 18:48:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230327AbjHHWsf (ORCPT ); Tue, 8 Aug 2023 18:48:35 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE808129 for ; Tue, 8 Aug 2023 15:48:34 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-586bd766310so35963657b3.0 for ; Tue, 08 Aug 2023 15:48:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534914; x=1692139714; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=TmxbnIjb/GqnmOwdg1rDIRZFSHSZsVM8YSAQMHLnbME=; b=aIe42t0D+ftKfG+ClAKmcOJv9mfebYDaQmvdUgboDYiuG7ilotz/5nbttvtF9fDi1O rDs+7df7Cjn2shLvTm3qNsiEBm8OAhAGyBYA8+AW/pofGiv6RHPapbcws6nbEk9HrPGS jdpUQ2BCppjQpV6sMqGiCLG4WGKm2D7YKRlPEGM+eVzHKsUpnoDU0g025UZnAtmR5xKS 69kyYON2cNSaE9f11a+LbFMqSZNt4tUq/usnE638ystMj35JNiukiKDpxLr0+iFW4Iwk J0bUrgboDjs3jAOSnOJyEJ65ZJ5Jx29Wa8GeSwiRYeXVg8OBaqUv/tSju9f+CoMdqa+d o0+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534914; x=1692139714; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TmxbnIjb/GqnmOwdg1rDIRZFSHSZsVM8YSAQMHLnbME=; b=Rh0hqo6zyN08T+CrHNsO3yrh9o808XoMkqWdFLhKGnsCMOEn1jVDrrLvx7sEXpWQOI LBThFXx93nY63Uz4d3QVMi303WMU6ijJwGrYxdtksXdB/BBBzA9NwgTT/EcjeY3en/h1 OTNf/VqwXaRk2RwLse+BopMGar049AfXwxo4OmBnRbd0SUXJwwE96Sxhzp5NQtBmwOSM g4q2ckp5naQea+shnVX6Fy1cnW91Ud/zS8Ssa5h1cp3FgWfhEjW3o2yXoyy4fg2ws7xE BZYm/2YOVq8asFs/WxduL2kzBky35Nxy/Aq+qRBTS6d5yE7wASuzBJqzsiyAI/xdcxgp SVvg== X-Gm-Message-State: AOJu0Yy4lj8FuYhZTHMgQKpnMc3cjdBCLWFOzkcZoaAbs2u5F6UUDrQO OJQ1G/5cZ0Zzvl7g2PVx2JXwQqvOWKehLOnx3w== X-Google-Smtp-Source: AGHT+IH1R6MtPcgGGYPgM2RykK/TeOvNqFtYstVlX2iypy2EipYIxRKnBXKcog/LYd4QF5rzW3sffHKNadArPUWkLg== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a81:440f:0:b0:576:9519:7085 with SMTP id r15-20020a81440f000000b0057695197085mr21593ywa.7.1691534914271; Tue, 08 Aug 2023 15:48:34 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:06 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=2289; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=DmlnBBnHsP5QeIGI++tEAn9BIzXi+bfjHimTMSaz/pg=; b=620tlRlsF6w/UUZG5WGZx2U4Mf2LH5YYLrf8rikieAPOtoORP/uUHedtmuqLWAwhLMG5oiohV aRW3uUVCq+7BzN6wbjpH81lJbtdkmWqFFVPVtC/eGuYqCKR1vIDbvcj X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-1-efbbe4ec60af@google.com> Subject: [PATCH 1/7] netfilter: ipset: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Fixes several buffer overread bugs present in `ip_set_core.c` by using `strscpy` over `strncpy`. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt --- There exists several potential buffer overread bugs here. These bugs exist due to the fact that the destination and source strings may have the same length which is equal to the max length `IPSET_MAXNAMELEN`. Here's an example: | #define MAXLEN 5 | char dest[MAXLEN]; | const char *src =3D "hello"; | strncpy(dest, src, MAXLEN); // -> should use strscpy() | // dest is now not NUL-terminated Note: This patch means that truncation now happens silently (which is better than a silent bug) but perhaps we should have some assertions that fail when a truncation is imminent. Thoughts? --- net/netfilter/ipset/ip_set_core.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set= _core.c index 0b68e2e2824e..fc77080d41a2 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -872,7 +872,7 @@ ip_set_name_byindex(struct net *net, ip_set_id_t index,= char *name) BUG_ON(!set); =20 read_lock_bh(&ip_set_ref_lock); - strncpy(name, set->name, IPSET_MAXNAMELEN); + strscpy(name, set->name, IPSET_MAXNAMELEN); read_unlock_bh(&ip_set_ref_lock); } EXPORT_SYMBOL_GPL(ip_set_name_byindex); @@ -1326,7 +1326,7 @@ static int ip_set_rename(struct sk_buff *skb, const s= truct nfnl_info *info, goto out; } } - strncpy(set->name, name2, IPSET_MAXNAMELEN); + strscpy(set->name, name2, IPSET_MAXNAMELEN); =20 out: write_unlock_bh(&ip_set_ref_lock); @@ -1380,9 +1380,9 @@ static int ip_set_swap(struct sk_buff *skb, const str= uct nfnl_info *info, return -EBUSY; } =20 - strncpy(from_name, from->name, IPSET_MAXNAMELEN); - strncpy(from->name, to->name, IPSET_MAXNAMELEN); - strncpy(to->name, from_name, IPSET_MAXNAMELEN); + strscpy(from_name, from->name, IPSET_MAXNAMELEN); + strscpy(from->name, to->name, IPSET_MAXNAMELEN); + strscpy(to->name, from_name, IPSET_MAXNAMELEN); =20 swap(from->ref, to->ref); ip_set(inst, from_id) =3D to; --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E1E4C04E69 for ; Tue, 8 Aug 2023 22:48:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231443AbjHHWsm (ORCPT ); Tue, 8 Aug 2023 18:48:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47522 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230173AbjHHWsh (ORCPT ); Tue, 8 Aug 2023 18:48:37 -0400 Received: from mail-oo1-xc49.google.com (mail-oo1-xc49.google.com [IPv6:2607:f8b0:4864:20::c49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B5D2114 for ; Tue, 8 Aug 2023 15:48:36 -0700 (PDT) Received: by mail-oo1-xc49.google.com with SMTP id 006d021491bc7-565893ef956so8901215eaf.0 for ; Tue, 08 Aug 2023 15:48:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534915; x=1692139715; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2n+nft1J+ou/Hn4BoHtSydnM2Q6o7LrROT4GXzieyqk=; b=Z4tv8uuXCuHU3DyrL7CiwM7GRo//gKoN1gu49jVnkLDa77GxmOTvrZb6iVPtpovqAa y/YZP94ASRtbfUFGv2+k/+4bVka6Zb8iEhQgqrCavmKZqb5Vf3DMxM1GXr8d184OeWox Jkmar07CKdQd0GpGqnTygT2rhd0kL32dr73jAc1qnhLAgdE130ZeCZfffAKAkJ6p4g+3 Dhu8FFeDILrfEK66hbM9G62Cn84pEjVIyl6RtRVPcwxUI4pmvlJGyT/b7ZFu6jTEPe4q d4n4ZEeUzxKpvL+rOyjg+0S0zqmMfzBzAsT4DyiSxbJFnPTWrd8jZrG0UVA3jQ81IpYK PMoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534915; x=1692139715; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2n+nft1J+ou/Hn4BoHtSydnM2Q6o7LrROT4GXzieyqk=; b=eiM7Z6MzQu41d4S7pI6q6C53Vy6aWA4GlAx5aiKrIieXEYlemd0r83gBQTE8p+sDXA csE0z8ymXLu7+BG+VbaNfrEn+YaX3FQ52aoDQ0a6SGuh3Eg5q1Fnl6J80euYuH9Y8xgn +g4CsZ8GLXU11a5CMSxf8MEIjLxlLjlsCHFI79pv24yrupqhWUIq+MHrJlrYgYmUmve/ W0q0HmFDr54VIIGNejj1wQLx+Fnd3L32eY0Bg2rSYVQI3fsjFxwT6HdLDMeZK1TONR1E L5mekHWCMJgEmlr/s8wcmVOCKfjqRVYsD/YLWSE1j2ytuQtRWSYXf1SkDvwlZ5MXKVzc cmrg== X-Gm-Message-State: AOJu0Yzm5qwU/DTTeShlKZdw0jqzBkV02XPYEV0Sjvbo7c9AiZUqsm2d 23SlZsau3mE4BWic79RUKC1m/C3yLbl4I6HQpA== X-Google-Smtp-Source: AGHT+IG33SMyJD9jmKUFIKwhFa1OIm3UDBC6wsCIb+3jj0vK9d47zhFOBFyzd3Ind1lxI6YX0YxchI++1WpiDqFOxQ== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a05:6808:180f:b0:3a6:feb1:bb83 with SMTP id bh15-20020a056808180f00b003a6feb1bb83mr630290oib.3.1691534915476; Tue, 08 Aug 2023 15:48:35 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:07 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1355; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=h9/FJ0Derc+kHy1+HyfJeM72Jn/xHxsLrarMyJSTkdI=; b=nCzazijk+LV8MhghKkMBl3+PR9A0KP6j7aeC8rKtHaGSgAXmI98rCZPOtIh3eqAsdnnK140X5 2tW2f/G0EY9C+Xes0E05fHk1dEoFtF75/yOMaNAtBErqXMEO7z5CTOV X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-2-efbbe4ec60af@google.com> Subject: [PATCH 2/7] netfilter: nf_tables: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Prefer `strscpy` over `strncpy`. Signed-off-by: Justin Stitt --- Note: It is hard to tell if there was a bug here in the first place but it's bett= er to use a more robust and less ambiguous interface anyways. `helper->name` has a size of 16 and the 3rd argument to `strncpy` (NF_CT_HELPER_LEN) is also 16. This means that depending on where `dest`'s offset is relative to `regs->data` which has a length of 20, there may be a chance the dest buffer ends up non NUL-terminated. This is probably fine though as the destination buffer in this case may be fine being non NUL-terminated. If this is the case, we should probably opt for `strtomem` instead of `strscpy`. --- net/netfilter/nft_ct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 38958e067aa8..10126559038b 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -108,7 +108,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr, helper =3D rcu_dereference(help->helper); if (helper =3D=3D NULL) goto err; - strncpy((char *)dest, helper->name, NF_CT_HELPER_NAME_LEN); + strscpy((char *)dest, helper->name, NF_CT_HELPER_NAME_LEN); return; #ifdef CONFIG_NF_CONNTRACK_LABELS case NFT_CT_LABELS: { --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0C72C04FE2 for ; Tue, 8 Aug 2023 22:48:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231627AbjHHWso (ORCPT ); Tue, 8 Aug 2023 18:48:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231422AbjHHWsi (ORCPT ); Tue, 8 Aug 2023 18:48:38 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57419129 for ; Tue, 8 Aug 2023 15:48:37 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-56942442eb0so73698087b3.1 for ; Tue, 08 Aug 2023 15:48:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534916; x=1692139716; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=pWB/bxoqLSL/ZtMTZ8dV/jChYqo6p+fCOGWCHHtspAU=; b=l0+YZUWT9MVORUoAKyZtIiSvH9yjrNYKYquI4h6G3Bw2EZqzd31uHqgRU63WUeJiTY CpJguIuWZtSwCxzXZL7m605eZS8Es5f38S3flkVmk3kM8LB0HvSqtkdI1c7Z2AyBkGtq 5NfO/1zVNGQ5YGvx0dhjCckfQkOwM8SuFYDezhYuUQtB+xJ3JKUpKSCYccD2Z2qKxi22 OO6RsTdtADjOReVX0UY1bUfshvROIJWuQWuJYZtqakkYY3FJ3grYtZbKyVjGMV37v+ur OCp34anb+2N2Kvfjr0/rniDTTRMNJAKTjeHOC8KCmX2XwY+Iinw733StNw48QbzrItoa QVdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534916; x=1692139716; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=pWB/bxoqLSL/ZtMTZ8dV/jChYqo6p+fCOGWCHHtspAU=; b=em/zvKz9GkJL/QyW47ByBpiAx2cMB2fSpvpNxEPSLy1yJkObECY5I4/2VJpfEukkH7 kntZe4p6N3c+wEr2kGaz5h5iOlwPxJ4N9Bp0vWSjby9Ldhlk44GvMqwqMsTtmBuL2ZCE jvN78yuM7Oh9ndb4peABjLMKvO6PhyuNZXWK4OHj7FwTZhzY7lA/3O9sRqt7x7bcVoI2 kReH9BXrSzmEyX2L8IKvQBF0NUWaon9MBDiINRJxUyiRYNhsEJehiifNTyAvR33OAJUq Z7W6shj+EzjQVG0HRdUANlcsinZK/rY3pKGLEjFOpjY4U/Ta4vXofqYQrmpBgAcDfJx1 ZmUw== X-Gm-Message-State: AOJu0YyuwfhohN7Q+zn6FYSx51Dgq0bWRbbBwgauDLbhK63upDbGhhU2 KiEdKloQKEXl8pxhcDW99fHVlxG/d2wl4meFqA== X-Google-Smtp-Source: AGHT+IEZqIi+KfXakktMR77yvcqvv7E79OwhtWF6B0zRs21LhdiLRA3ymZOhLEcubECjKuLZCFe6Vy5Az1cpq5gVng== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a81:ae05:0:b0:579:f832:74b with SMTP id m5-20020a81ae05000000b00579f832074bmr22779ywh.10.1691534916696; Tue, 08 Aug 2023 15:48:36 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:08 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=968; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=ql8BKCTJsc3POKLEq/ADab6DF9AYOTL/azd4EamUBcI=; b=P3R80qBBGIzHAbifBNpGmUCEncCAPqmEwus6LSS+QDg9lMvg2IHe2edYrrt/QOZp2p4frMdd+ ACoDi+vL9tDBW4ezE6keUa+9XyhIWr0M32IT7a0qKJXdIEfk7Y9a0tM X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-3-efbbe4ec60af@google.com> Subject: [PATCH 3/7] netfilter: nf_tables: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Prefer `strscpy` over `strncpy`. Signed-off-by: Justin Stitt --- Note: `strscpy` is generally preferred to `strncpy` for use on NUL-terminated destination strings. In this case, however, it is hard for me to tell if the dest buffer wants to be NUL-terminated or not. If NUL-termination is not needed behavior here, let's use `strtomem`. --- net/netfilter/nft_fib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c index 6e049fd48760..f1a3692f2dbd 100644 --- a/net/netfilter/nft_fib.c +++ b/net/netfilter/nft_fib.c @@ -150,7 +150,7 @@ void nft_fib_store_result(void *reg, const struct nft_f= ib *priv, if (priv->flags & NFTA_FIB_F_PRESENT) *dreg =3D !!dev; else - strncpy(reg, dev ? dev->name : "", IFNAMSIZ); + strscpy(reg, dev ? dev->name : "", IFNAMSIZ); break; default: WARN_ON_ONCE(1); --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AFE1C001B0 for ; Tue, 8 Aug 2023 22:48:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231649AbjHHWsr (ORCPT ); Tue, 8 Aug 2023 18:48:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231374AbjHHWsj (ORCPT ); Tue, 8 Aug 2023 18:48:39 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 632B8114 for ; Tue, 8 Aug 2023 15:48:38 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5868992ddd4so73884587b3.0 for ; Tue, 08 Aug 2023 15:48:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534917; x=1692139717; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+19GBVsvDAVjAStBWUAxMG4PPU/OGJ0H5JL5ZuTDef8=; b=33XuWQ+JZacYiunpRf/VpLL+ieGu6gFKhP/kfQt/A/PUBZLTtlxm2/2ie17ypqdLXY XZ7+ymtQ1v237YLPLscwE4bYYZtLPGAUnvBPdCwgT4CADDloYMGmBTI1DA7qAvS1R5dj X5875/w1a0yhqtAQvxC6fc6uFKRhNLsFUanyAesrsxo13nRi2pfWJejJ9tJxOcxd8dpF ueY3fqdWb4iOeEX+HcwPaNrfJYa2/TrdvsAEOpb205dHLWqEOgdL1jjKWHfUJjZd2v2z 9oPx/UHQiuz+JRfRFEOY0zAGyBLscrLc721CcjSFpnolkANjOiG1ia1lj7+HQvcd3e7U YNig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534917; x=1692139717; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+19GBVsvDAVjAStBWUAxMG4PPU/OGJ0H5JL5ZuTDef8=; b=EiBOr7pdpsruiBl6gfbfn+i3EqRSuBW/cr6s54cGSgsjtiE6DmVWlrcEs3Lc1SPjNa UhhdgGS/OD03bRnR5xDZQCtjo2Qi0buq7EAt7wl0RHG82nPoJsjGJXXPnCJZwoKORvfr rQXM8/1QNXDHZ4h4QkRp2iVWZujbJpTgoJ1BeLdqOEAdK0Ytaa4XKPO9AnL15BSyQnHs GCHU9UA8D7yGhRMCNPXq8Ja+spx5DB6p0CVW/bGzIgKiVxbha78OdF6mkh13jXIRZ3yq 90Fb3PQI6TAobTCI2oscYHkOBkI5gPSgE8sAJUURPL2j6um0D8Ko+34wO8z70D6xT6Bq yaKA== X-Gm-Message-State: AOJu0YwOx3Wn2fK212k02MSVYYb4up/LNsOmwSgZ+AotJMrICCWZ1Q5S oSYnTY4pc1OQ5iy7dE9go6jfKQO4OJu1dQymGw== X-Google-Smtp-Source: AGHT+IFmi1uCoUT8+dYsT7cZBMlrh5k6XVkXA76elJmMnRkNeuD4fuUb4fXU9XUyJeJrtDUUPIvD3QYnLXeDP+3YLw== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a81:414c:0:b0:583:a3c1:6b5a with SMTP id f12-20020a81414c000000b00583a3c16b5amr23219ywk.4.1691534917623; Tue, 08 Aug 2023 15:48:37 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:09 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1607; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=GBQjyBthg5dmrMfaCEkr5QXSIAmXCZ5owhSbCo8Ik6c=; b=l4qPLd4+/BNAz/Lm7D/syXKR78TObwPJdYwbnpE7ksVaBVJA3lf0WqxSNnU3hcPfzO6VTlbM+ dgb9SEDK59NATnse+FDklDxWNo24X2WOTSFQSKlQggwoEor3t6oFjrl X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-4-efbbe4ec60af@google.com> Subject: [PATCH 4/7] netfilter: nft_meta: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Prefer `strscpy` to `strncpy` since it's more robust and less ambiguous. Signed-off-by: Justin Stitt --- Note: I wasn't able to tell what the expected size of `out->rtnl_link_ops->kind` is. If it is less than or equal to `IFNAMSIZ` then there was no bug present and a bug present otherwise. Nonetheless, let's swap over to strscpy. --- net/netfilter/nft_meta.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 8fdc7318c03c..de8ced05a273 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -185,12 +185,12 @@ static noinline bool nft_meta_get_eval_kind(enum nft_= meta_keys key, case NFT_META_IIFKIND: if (!in || !in->rtnl_link_ops) return false; - strncpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ); + strscpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ); break; case NFT_META_OIFKIND: if (!out || !out->rtnl_link_ops) return false; - strncpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ); + strscpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ); break; default: return false; @@ -206,7 +206,7 @@ static void nft_meta_store_ifindex(u32 *dest, const str= uct net_device *dev) =20 static void nft_meta_store_ifname(u32 *dest, const struct net_device *dev) { - strncpy((char *)dest, dev ? dev->name : "", IFNAMSIZ); + strscpy((char *)dest, dev ? dev->name : "", IFNAMSIZ); } =20 static bool nft_meta_store_iftype(u32 *dest, const struct net_device *dev) --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45745C04A94 for ; Tue, 8 Aug 2023 22:48:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231752AbjHHWsu (ORCPT ); Tue, 8 Aug 2023 18:48:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231473AbjHHWsk (ORCPT ); Tue, 8 Aug 2023 18:48:40 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E362136 for ; Tue, 8 Aug 2023 15:48:39 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d06d36b49f9so5788266276.1 for ; Tue, 08 Aug 2023 15:48:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534918; x=1692139718; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=FjrWn1fSMygYDZZgckHhk0mXRfqs5Nidx65ICO3A52I=; b=gV4k4AQmJbNKxgLMYapJVIyO+9QcRPAfIhEdNQg0adenoyHWaTerujLmngfOXKcDvE DH3nTqA0kwzcCzLf6rxttNAOaJi/l5pr5ZiQFaLGXpuby+Az24eT0gxFj9TXFKS/4OX5 VfWhqmlOIrgsoLOGFKr5LcIyQkoqKUdV2n+sWwqJ2G1B99tL7e3HTacu1x99c9fvCSZM BJXaYkIwuqE+r7BOIKKIVjI8XEkaZbNeH2eYr148VmffSGU8/uWx9fjbing1ZRjq3vss hg76ITGXmsQEVRX3T+Y1ADizkXb6H36uNS1m4cqUy9bQgz/myepQzF5SKC77aMhxtNaY izGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534918; x=1692139718; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FjrWn1fSMygYDZZgckHhk0mXRfqs5Nidx65ICO3A52I=; b=BVJzLxa4GpYsU2hUMV4hjg676Bv18JvNARYUYoqQN79c5j3dYbETxXMgEUrfAmuIzg 45163iTlLqwou+TxWY1FlLFdZ+heMU0NN9+pdFLK7hYzXMQuHJbEm8kZ9uU/9Ll2yC+n ZHJwpj422IygM5F6rHsmA73N4qBQAuaHvAHD5KECGFFeeclwyy9Xhm9Ktgb99CCgOSZw gyz81IhHBKRUGXC4hy8v1aiYGhq/UCqCcFjPr+ksAMEbjJfNKcDzsTRwAEy7UKNfxQWk pXBex9KFlN1m69QfC9INVncSSd0MYzpg8PjEmAO84gZ49X0mJjp6I5ZwNwzwVKGZeH1Y rkRA== X-Gm-Message-State: AOJu0YzBVMKDFtM1ajoh6AWNBnIPlOgG1jhLjgHpjOsNHzAhChTZfmBn +VOAtWmbsz0Enh0JuZTCFagOxWse7WmBZiFRkQ== X-Google-Smtp-Source: AGHT+IGmyferwFNnbxw0iCzx/r3zkBXWgrh+IPzWVl1hamVpmOKPWK2mKFogqArbcsqyWhuzHoHX0ySiHTOwsP9CQg== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a05:6902:690:b0:d46:45a1:b775 with SMTP id i16-20020a056902069000b00d4645a1b775mr21159ybt.3.1691534918649; Tue, 08 Aug 2023 15:48:38 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:10 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1584; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=TYjOW+AvMsSrKx/9aDmBZSW/vTLjOkdZMrUIxM50vSU=; b=RGO1nAXLC7fjnapekTUAeCHeVncKTCYqVtHP5+QOVJP9VkBsqI4ExgD47xSB2HnII22YwkXMP Jzqi8qIzqKQBStS0NzWem8DN0iJX/MUqERbE9rWZLT517qZ1WczKGid X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-5-efbbe4ec60af@google.com> Subject: [PATCH 5/7] netfilter: nft_osf: refactor deprecated strncpy to strscpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Use `strscpy` over `strncpy` for NUL-terminated strings. We can also drop the + 1 from `NFT_OSF_MAXGENRELEN + 1` since `strscpy` will guarantee NUL-termination. Signed-off-by: Justin Stitt --- net/netfilter/nft_osf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c index 70820c66b591..4844e0109a58 100644 --- a/net/netfilter/nft_osf.c +++ b/net/netfilter/nft_osf.c @@ -23,7 +23,7 @@ static void nft_osf_eval(const struct nft_expr *expr, str= uct nft_regs *regs, struct nft_osf *priv =3D nft_expr_priv(expr); u32 *dest =3D ®s->data[priv->dreg]; struct sk_buff *skb =3D pkt->skb; - char os_match[NFT_OSF_MAXGENRELEN + 1]; + char os_match[NFT_OSF_MAXGENRELEN]; const struct tcphdr *tcp; struct nf_osf_data data; struct tcphdr _tcph; @@ -45,7 +45,7 @@ static void nft_osf_eval(const struct nft_expr *expr, str= uct nft_regs *regs, } =20 if (!nf_osf_find(skb, nf_osf_fingers, priv->ttl, &data)) { - strncpy((char *)dest, "unknown", NFT_OSF_MAXGENRELEN); + strscpy((char *)dest, "unknown", NFT_OSF_MAXGENRELEN); } else { if (priv->flags & NFT_OSF_F_VERSION) snprintf(os_match, NFT_OSF_MAXGENRELEN, "%s:%s", @@ -53,7 +53,7 @@ static void nft_osf_eval(const struct nft_expr *expr, str= uct nft_regs *regs, else strscpy(os_match, data.genre, NFT_OSF_MAXGENRELEN); =20 - strncpy((char *)dest, os_match, NFT_OSF_MAXGENRELEN); + strscpy((char *)dest, os_match, NFT_OSF_MAXGENRELEN); } } =20 --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A005C001B0 for ; Tue, 8 Aug 2023 22:48:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231771AbjHHWsx (ORCPT ); Tue, 8 Aug 2023 18:48:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231534AbjHHWsl (ORCPT ); Tue, 8 Aug 2023 18:48:41 -0400 Received: from mail-oa1-x49.google.com (mail-oa1-x49.google.com [IPv6:2001:4860:4864:20::49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 948F1129 for ; Tue, 8 Aug 2023 15:48:40 -0700 (PDT) Received: by mail-oa1-x49.google.com with SMTP id 586e51a60fabf-1bf00c27c39so10387690fac.2 for ; Tue, 08 Aug 2023 15:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534920; x=1692139720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Pvwje1x+fgK9E9IR7qsfn31Dc5XiXldAZ1Fo1xHQpAo=; b=ZowPnFVAEOQu1o/+XzT8fcaX6DHlVccwrE7gGNHkAx3YDdV+D3o7fUpYyj/vi1Ct5Q +QYJDWnAhftWiK8EgTciXmjxfJNfL1DHfcE3o+XOVVHbUUBr2oc33L84fXDKdg0spibe GZ5bqdG9qrHx/UtSzbaBTMqp6lQxfoXnPa2UM0vLrI7Zb2YiefFjL0pSu/+rNaKy1wlN XhfOQJjCKLo/y7i/PPyKhKK6HKjXtVSpBWc22UEpkQAx89z/FVCmSvgnGCxbk5FjWRbD QKj317GKJBKiDYTXPzGM5v1TxwYmVWI7QXAAaldoX9Tx9r5cTrpz+UfvZC+saxnSr//L 67Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534920; x=1692139720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Pvwje1x+fgK9E9IR7qsfn31Dc5XiXldAZ1Fo1xHQpAo=; b=d0MEXhZKswMYt5S7gGd9B5+otvxvpdcwmUUVPWDgBbByboLkj5ViNiS0VVuwvLMG3P LRsgXgkOU7qtbss8CgCVhJKMkaAwqnwZA3JVoc2y2EBDSs81mAoF3GB6E028NPIpNlYu 9MKRnwVWpOVNqeXtPyKlLDgVWebxgFm6U/AlR1ZHHKQT2XdsPYNmdFp6tar3Q8V5mP1T yzUkboTYLFdY3g+haDAsYog4MOyO7dNojKzYJsVR4InSmOhqk0NVWYbsVmxCKHRh4Duz khTTT+VODN4/qQEHPwSY3vUx+GHT8iaO4Bb97//XHlY7pyLVr7wNLYFqZEhpyNXT6H8J qnTA== X-Gm-Message-State: AOJu0Yz0zu7NuhF6KhYok2iqW7gqhEjaeAM/fb6y/JKPIrcWAjMgIaqo zuPDA2PdbYviInMAjgzLY60ZLQCLwRnyi5BS5w== X-Google-Smtp-Source: AGHT+IFfTapulzyD7mF8uId+U6qhT9W1jzh/xLHutjoQ+baESmwt1nASohgDjGgqfc8DbSFYevzOUew1G7Fcn9bwfg== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a05:6870:5b03:b0:1bf:a06f:ce6f with SMTP id ds3-20020a0568705b0300b001bfa06fce6fmr315997oab.9.1691534919982; Tue, 08 Aug 2023 15:48:39 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:11 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1616; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=epcsNlzjLL3K9DAOvrsRp37/1eZVu8TeiuJpMs34l/Q=; b=L1P2cQc3z99LSWR/qio44oxncmlWLIBSvxY6HOu5W2BRo4B41BhDGwuAbcow63n2hPhRjceUI 9E5bGIoGP2nDYAORkqUToKLoCEdCN/nRopReeZhHhL/7pSX4tiOQrrn X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-6-efbbe4ec60af@google.com> Subject: [PATCH 6/7] netfilter: x_tables: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Prefer `strscpy` to `strncpy` for use on NUL-terminated destination buffers. This fixes a potential bug due to the fact that both `t->u.user.name` and `name` share the same size. Signed-off-by: Justin Stitt --- Here's an example of what happens when dest and src share same size: | #define MAXLEN 5 | char dest[MAXLEN]; | const char *src =3D "hello"; | strncpy(dest, src, MAXLEN); // -> should use strscpy() | // dest is now not NUL-terminated --- net/netfilter/x_tables.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 470282cf3fae..714a38ec9055 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -768,7 +768,7 @@ void xt_compat_match_from_user(struct xt_entry_match *m= , void **dstptr, m->u.user.match_size =3D msize; strscpy(name, match->name, sizeof(name)); module_put(match->me); - strncpy(m->u.user.name, name, sizeof(m->u.user.name)); + strscpy(m->u.user.name, name, sizeof(m->u.user.name)); =20 *size +=3D off; *dstptr +=3D msize; @@ -1148,7 +1148,7 @@ void xt_compat_target_from_user(struct xt_entry_targe= t *t, void **dstptr, t->u.user.target_size =3D tsize; strscpy(name, target->name, sizeof(name)); module_put(target->me); - strncpy(t->u.user.name, name, sizeof(t->u.user.name)); + strscpy(t->u.user.name, name, sizeof(t->u.user.name)); =20 *size +=3D off; *dstptr +=3D tsize; @@ -2014,4 +2014,3 @@ static void __exit xt_fini(void) =20 module_init(xt_init); module_exit(xt_fini); - --=20 2.41.0.640.ga95def55d0-goog From nobody Sun Feb 8 08:42:52 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A904C001B0 for ; Tue, 8 Aug 2023 22:48:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231786AbjHHWsz (ORCPT ); Tue, 8 Aug 2023 18:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231543AbjHHWsm (ORCPT ); Tue, 8 Aug 2023 18:48:42 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 947C5E40 for ; Tue, 8 Aug 2023 15:48:41 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5896bdb0b18so6726827b3.1 for ; Tue, 08 Aug 2023 15:48:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691534921; x=1692139721; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=G9OF2QFsiP3MkrzN4gKJO5o0WhLZ6LzcN9E8K6dc8dQ=; b=Tk5sym5cRDFSry8K+vc1HytKkY3IbV6iZulQcdqzajiE0IVk3xAlVvRndUZmAf1bym qmBA/CUFS/PGUXiFjGhkccdVwoX3zHUdcOMoLvXMMUMjR8yufvUM3BMxdbZVUZUBohHJ XDd0dKfCAqHUdAGRMbnyrr4FGDyVDAC1FubuFJd7iCMUjnLDpsu9n3DTiB9Phq8Qvf0E q8U2keEGG0MEUAozFw72uG4Zvu2LbBhukIi5JUVz+Vr+B72eM5IBoS4QlmZ4vDb1Wq63 DfyTE1Qq1a9iFWqR253R9wuYjfP9rEWY7oXwiicHyPCLs7WfdwbOq9mI2Yx1daOUKLxs Jqyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691534921; x=1692139721; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=G9OF2QFsiP3MkrzN4gKJO5o0WhLZ6LzcN9E8K6dc8dQ=; b=RGWseE8WH9ty8XoRVNKIP4khdqOo8ONFN0Rq1kWL7oxzbqiS1DQXKllmDDuEZMnQJB SMhmDNyXKTL1Vh7dN6FRUdJbyvhd+wW8qTqgMZETQUPSosfMpBMHc4DzR6BjgLs8NYB6 SQlFbRfL6TV01tXroNtL+lkjTPeENidvZvVMkcXYjMLESBHMH2t5K4vJScZvAWsQCBNp ySWw47uGBjnHIRJRZJ3Bny8sxPm9obH55M7df9rjwud060pC2RaMeiw3p2vHEgKAAY6h bMqKe/BM9ryNGkZIEj1KnUH6IiGPpQlB6izbddOtRSJhVT/QLK0Cpihhixv00yEDSuoB nwjg== X-Gm-Message-State: AOJu0YxAm/CKZWw1eZhDfciKAqvrO67leLZO0pnK4GBwgaarVAC+EX5j X2RdP/JrCTDCLAxOtXMDmrtAdexflIGkFMQIUw== X-Google-Smtp-Source: AGHT+IGCyJW7+H01CcBpmwMLWO4IJOM2JRZefUJenQ9SapEIQSusWKx57m2Q2rpVYsPLUriKIRjxQtAgRFf96MgkCg== X-Received: from jstitt-linux1.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:23b5]) (user=justinstitt job=sendgmr) by 2002:a81:b61a:0:b0:586:e91a:46c2 with SMTP id u26-20020a81b61a000000b00586e91a46c2mr107296ywh.4.1691534920928; Tue, 08 Aug 2023 15:48:40 -0700 (PDT) Date: Tue, 08 Aug 2023 22:48:12 +0000 In-Reply-To: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> Mime-Version: 1.0 References: <20230808-net-netfilter-v1-0-efbbe4ec60af@google.com> X-Developer-Key: i=justinstitt@google.com; a=ed25519; pk=tC3hNkJQTpNX/gLKxTNQKDmiQl6QjBNCGKJINqAdJsE= X-Developer-Signature: v=1; a=ed25519-sha256; t=1691534912; l=1134; i=justinstitt@google.com; s=20230717; h=from:subject:message-id; bh=Bp+w2rTLNgdzNlxLi9FLD4utZ4QUqpPxaPIds7U/AGY=; b=odK4V1dqN6Y308K04MH8d/MRrkeaDSd1rELzLfU+7SDbRdFBl0nXUSsw+H9Y12YsVkVDC43lj zmYSndS5Js/Dv3+IClsSCDsbs7OJ2vOQ6onFe43X7Ff2wDY/LO6DwG0 X-Mailer: b4 0.12.3 Message-ID: <20230808-net-netfilter-v1-7-efbbe4ec60af@google.com> Subject: [PATCH 7/7] netfilter: xtables: refactor deprecated strncpy From: Justin Stitt To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-hardening@vger.kernel.org, Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Justin Stitt Content-Type: text/plain; charset="utf-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Prefer `strscpy` as it's a more robust interface. There may have existed a bug here due to both `tbl->repl.name` and `info->name` having a size of 32 as defined below: | #define XT_TABLE_MAXNAMELEN 32 This may lead to buffer overreads in some situations -- `strscpy` solves this by guaranteeing NUL-termination of the dest buffer. Signed-off-by: Justin Stitt --- Note: build tested only --- net/netfilter/xt_repldata.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_repldata.h b/net/netfilter/xt_repldata.h index 68ccbe50bb1e..63869fd0ec57 100644 --- a/net/netfilter/xt_repldata.h +++ b/net/netfilter/xt_repldata.h @@ -29,7 +29,7 @@ if (tbl =3D=3D NULL) \ return NULL; \ term =3D (struct type##_error *)&(((char *)tbl)[term_offset]); \ - strncpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \ + strscpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \ *term =3D (struct type##_error)typ2##_ERROR_INIT; \ tbl->repl.valid_hooks =3D hook_mask; \ tbl->repl.num_entries =3D nhooks + 1; \ --=20 2.41.0.640.ga95def55d0-goog