lkdtm/fortify: Drop unneeded FORTIFY_STR_OBJECT test

The str* family of fortified functions has used member-sized limits
for a while now, so the FORTIFY_STR_OBJECT test is redundant with
FORTIFY_STR_MEMBER. While here, replace the strncpy() use with strscpy(),
as strncpy() is being removed.

Link: https://patch.msgid.link/20260324020726.work.624-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
Kees Cook
2026-03-23 19:07:30 -07:00
parent 00247cbf17
commit cf2f06f715
2 changed files with 6 additions and 31 deletions


@@ -10,30 +10,6 @@
static volatile int fortify_scratch_space;
static void lkdtm_FORTIFY_STR_OBJECT(void)
{
struct target {
char a[10];
int foo;
} target[3] = {};
/*
* Using volatile prevents the compiler from determining the value of
* 'size' at compile time. Without that, we would get a compile error
* rather than a runtime error.
*/
volatile int size = 20;
pr_info("trying to strcmp() past the end of a struct\n");
strncpy(target[0].a, target[1].a, size);
/* Store result to global to prevent the code from being eliminated */
fortify_scratch_space = target[0].a[3];
pr_err("FAIL: fortify did not block a strncpy() object write overflow!\n");
pr_expected_config(CONFIG_FORTIFY_SOURCE);
}
static void lkdtm_FORTIFY_STR_MEMBER(void)
{
struct target {
@@ -47,22 +23,23 @@ static void lkdtm_FORTIFY_STR_MEMBER(void)
if (!src)
return;
/* 15 bytes: past end of a[] but not target. */
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;
pr_info("trying to strncpy() past the end of a struct member...\n");
pr_info("trying to strscpy() past the end of a struct member...\n");
/*
* strncpy(target.a, src, 20); will hit a compile error because the
* compiler knows at build time that target.a < 20 bytes. Use a
* strscpy(target.a, src, 15); will hit a compile error because the
* compiler knows at build time that target.a < 15 bytes. Use a
* volatile to force a runtime error.
*/
strncpy(target.a, src, size);
strscpy(target.a, src, size);
/* Store result to global to prevent the code from being eliminated */
fortify_scratch_space = target.a[3];
pr_err("FAIL: fortify did not block a strncpy() struct member write overflow!\n");
pr_err("FAIL: fortify did not block a strscpy() struct member write overflow!\n");
pr_expected_config(CONFIG_FORTIFY_SOURCE);
kfree(src);
@@ -210,7 +187,6 @@ static void lkdtm_FORTIFY_STRSCPY(void)
}
static struct crashtype crashtypes[] = {
CRASHTYPE(FORTIFY_STR_OBJECT),
CRASHTYPE(FORTIFY_STR_MEMBER),
CRASHTYPE(FORTIFY_MEM_OBJECT),
CRASHTYPE(FORTIFY_MEM_MEMBER),
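Review bot: After the switch from strncpy() to strscpy() in lkdtm_FORTIFY_STR_MEMBER, this test and lkdtm_FORTIFY_STRSCPY (named in the last hunk header, body not shown here) exercise the same fortified function, and nothing in the new code says what distinguishes them. A short comment above the `strscpy(target.a, src, size);` call would record the property under test, for example `/* Member-sized limit: a run-time size larger than sizeof(target.a) must trap even though the write stays inside struct target. */`. That matters for anyone using the FAIL line to judge whether CONFIG_FORTIFY_SOURCE hardening is active, because this is now the only remaining str* member-overflow check. The function body starts in the first hunk and continues outside the visible lines, so the allocation of `src` and the initial value of `size` could not be checked. Scripts or test lists that still trigger FORTIFY_STR_OBJECT by name will stop matching a crash type; the second changed file presumably handles that, but it is not shown here.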