github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-03 20:14:06 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

ecryptfs: Replace strcpy with strscpy in ecryptfs_cipher_code_to_string

Browse Source 
strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Since
the parameter 'char *str' is just a pointer with no size information,
extend the function with a 'size' parameter to pass the destination
buffer's size as an additional argument. Adjust the call sites
accordingly.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Tyler Hicks <code@tyhicks.com>
This commit is contained in:
Thorsten Blum 2025-12-13 12:04:52 +01:00 committed by Tyler Hicks
parent 3bdc6cace2
commit c82f77a4ac
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fs/ecryptfs/crypto.c
View File

@ -862,11 +862,12 @@ u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
/**
* ecryptfs_cipher_code_to_string
* @str: Destination to write out the cipher name
* @size: Destination buffer size
* @cipher_code: The code to convert to cipher name string
*
* Returns zero on success
*/
int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code)
{
int rc = 0;
int i;
@ -874,7 +875,8 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
str[0] = '\0';
for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
strscpy(str, ecryptfs_cipher_code_str_map[i].cipher_str,
size);
if (str[0] == '\0') {
ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
"[%d]\n", cipher_code);

2
fs/ecryptfs/ecryptfs_kernel.h
View File

@ -571,7 +571,7 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode);
int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
struct inode *inode);
u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code);
void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
int ecryptfs_generate_key_packet_set(char *dest_base,
struct ecryptfs_crypt_stat *crypt_stat,

9
fs/ecryptfs/keystore.c
View File

@ -911,7 +911,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
(*packet_size) += ECRYPTFS_SIG_SIZE;
s->cipher_code = data[(*packet_size)++];
rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
rc = ecryptfs_cipher_code_to_string(s->cipher_string,
sizeof(s->cipher_string),
s->cipher_code);
if (rc) {
printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
__func__, s->cipher_code);
@ -1129,7 +1131,9 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
auth_tok->session_key.decrypted_key_size);
crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
sizeof(crypt_stat->cipher),
cipher_code);
if (rc) {
ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
cipher_code);
@ -1395,6 +1399,7 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
goto out_free;
}
rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
sizeof(crypt_stat->cipher),
(u16)data[(*packet_size)]);
if (rc)
goto out_free;