net/xfrm/xfrm_user.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
Replace the strcpy() calls that copy the canonical algorithm name into
alg_name with strscpy() to avoid potential overflows and guarantee NULL
termination.
Destination is alg_name in xfrm_algo/xfrm_algo_auth/xfrm_algo_aead
(size CRYPTO_MAX_ALG_NAME).
Tested in QEMU (BusyBox/Alpine rootfs):
- Added ESP AEAD (rfc4106(gcm(aes))) and classic ESP (sha256 + cbc(aes))
- Verified canonical names via ip -d xfrm state
- Checked IPComp negative (unknown algo) and deflate path
Signed-off-by: Miguel García <miguelgarciaroman8@gmail.com>
---
net/xfrm/xfrm_user.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 59f258daf830..d65def556b6b 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -593,7 +593,7 @@ static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
if (!p)
return -ENOMEM;
- strcpy(p->alg_name, algo->name);
+ strscpy(p->alg_name, algo->name);
*algpp = p;
return 0;
}
@@ -620,7 +620,7 @@ static int attach_crypt(struct xfrm_state *x, struct nlattr *rta,
if (!p)
return -ENOMEM;
- strcpy(p->alg_name, algo->name);
+ strscpy(p->alg_name, algo->name);
x->ealg = p;
x->geniv = algo->uinfo.encr.geniv;
return 0;
@@ -649,7 +649,7 @@ static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props,
if (!p)
return -ENOMEM;
- strcpy(p->alg_name, algo->name);
+ strscpy(p->alg_name, algo->name);
p->alg_key_len = ualg->alg_key_len;
p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8);
@@ -684,7 +684,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
if (!p)
return -ENOMEM;
- strcpy(p->alg_name, algo->name);
+ strscpy(p->alg_name, algo->name);
if (!p->alg_trunc_len)
p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
@@ -714,7 +714,7 @@ static int attach_aead(struct xfrm_state *x, struct nlattr *rta,
if (!p)
return -ENOMEM;
- strcpy(p->alg_name, algo->name);
+ strscpy(p->alg_name, algo->name);
x->aead = p;
x->geniv = algo->uinfo.aead.geniv;
return 0;
--
2.34.1
On Thu, Aug 14, 2025 at 09:32:17PM +0200, Miguel García wrote: > Replace the strcpy() calls that copy the canonical algorithm name into > alg_name with strscpy() to avoid potential overflows and guarantee NULL > termination. > > Destination is alg_name in xfrm_algo/xfrm_algo_auth/xfrm_algo_aead > (size CRYPTO_MAX_ALG_NAME). > > Tested in QEMU (BusyBox/Alpine rootfs): > - Added ESP AEAD (rfc4106(gcm(aes))) and classic ESP (sha256 + cbc(aes)) > - Verified canonical names via ip -d xfrm state > - Checked IPComp negative (unknown algo) and deflate path > > Signed-off-by: Miguel García <miguelgarciaroman8@gmail.com> Patch applied, thanks!
El dom, 17 ago 2025 a las 16:48, Steffen Klassert (<steffen.klassert@secunet.com>) escribió: > > On Thu, Aug 14, 2025 at 09:32:17PM +0200, Miguel García wrote: > > Replace the strcpy() calls that copy the canonical algorithm name into > > alg_name with strscpy() to avoid potential overflows and guarantee NULL > > termination. > > > > Destination is alg_name in xfrm_algo/xfrm_algo_auth/xfrm_algo_aead > > (size CRYPTO_MAX_ALG_NAME). > > > > Tested in QEMU (BusyBox/Alpine rootfs): > > - Added ESP AEAD (rfc4106(gcm(aes))) and classic ESP (sha256 + cbc(aes)) > > - Verified canonical names via ip -d xfrm state > > - Checked IPComp negative (unknown algo) and deflate path > > > > Signed-off-by: Miguel García <miguelgarciaroman8@gmail.com> > > Patch applied, thanks! Perfect, thanks!
© 2016 - 2025 Red Hat, Inc.