From patchwork Fri Oct 30 15:36:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Francis Laniel X-Patchwork-Id: 1391134 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=privacyrequired.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=privacyrequired.com header.i=@privacyrequired.com header.a=rsa-sha256 header.s=stigmate header.b=Ib9/YJJG; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4CN5yz3ZQPz9sRk for ; Sat, 31 Oct 2020 02:37:15 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727128AbgJ3PhN (ORCPT ); Fri, 30 Oct 2020 11:37:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726948AbgJ3PhM (ORCPT ); Fri, 30 Oct 2020 11:37:12 -0400 Received: from confino.investici.org (confino.investici.org [IPv6:2a00:c38:11e:ffff::a020]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 35B54C0613D2; Fri, 30 Oct 2020 08:37:12 -0700 (PDT) Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4CN5yq6qqnz110K; Fri, 30 Oct 2020 15:37:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=privacyrequired.com; s=stigmate; t=1604072227; bh=a8NC42R6u3qlmdveQqeX3g+/yoA0KQ9pNupZi4YG580=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ib9/YJJGeRFgUpki+T+v+8nTyAJmWVrljn9eYxtlNNGSDm2OKgl7R0O/NaqLNIZjh BpFKmo8PYDPWWVGVp7bmfqcEPb/bZ74uOYFdczA5uBaQ+3hid6FpEZK3xo913m8c1p CleY+M1v960YfCepgpmgmgf/reE8bahA3r1kUP30= Received: from [212.103.72.250] (mx1.investici.org [212.103.72.250]) (Authenticated sender: laniel_francis@privacyrequired.com) by localhost (Postfix) with ESMTPSA id 4CN5yq50gfz10yD; Fri, 30 Oct 2020 15:37:07 +0000 (UTC) From: laniel_francis@privacyrequired.com To: linux-hardening@vger.kernel.org, netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, keescook@chromium.org, Francis Laniel Subject: [PATCH v4 1/3] Fix unefficient call to memset before memcpu in nla_strlcpy. Date: Fri, 30 Oct 2020 16:36:45 +0100 Message-Id: <20201030153647.4408-2-laniel_francis@privacyrequired.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201030153647.4408-1-laniel_francis@privacyrequired.com> References: <20201030153647.4408-1-laniel_francis@privacyrequired.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Francis Laniel Before this commit, nla_strlcpy first memseted dst to 0 then wrote src into it. This is inefficient because bytes whom number is less than src length are written twice. This patch solves this issue by first writing src into dst then fill dst with 0's. Note that, in the case where src length is higher than dst, only 0 is written. Otherwise there are as many 0's written to fill dst. For example, if src is "foo\0" and dst is 5 bytes long, the result will be: 1. "fooGG" after memcpy (G means garbage). 2. "foo\0\0" after memset. Signed-off-by: Francis Laniel Reviewed-by: Kees Cook --- lib/nlattr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/nlattr.c b/lib/nlattr.c index 74019c8ebf6b..07156e581997 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -731,8 +731,9 @@ size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) if (dstsize > 0) { size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen; - memset(dst, 0, dstsize); memcpy(dst, src, len); + /* Zero pad end of dst. */ + memset(dst + len, 0, dstsize - len); } return srclen;