Skip to content

Commit

Permalink
lkdtm/fortify: Swap memcpy() for strncpy()
Browse files Browse the repository at this point in the history
The memcpy() runtime defenses are still not landed, so test with
strncpy() for now.

Cc: Arnd Bergmann <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Reported-by: Muhammad Usama Anjum <[email protected]>
Reviewed-by: Muhammad Usama Anjum <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
  • Loading branch information
kees authored and gregkh committed Feb 25, 2022
1 parent 2c9ae45 commit f4e335f
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions drivers/misc/lkdtm/fortify.c
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,14 @@ void lkdtm_FORTIFIED_SUBOBJECT(void)
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;

pr_info("trying to strcpy past the end of a member of a struct\n");
pr_info("trying to strncpy past the end of a member of a struct\n");

/*
* memcpy(target.a, src, 20); will hit a compile error because the
* strncpy(target.a, src, 20); will hit a compile error because the
* compiler knows at build time that target.a < 20 bytes. Use a
* volatile to force a runtime error.
*/
memcpy(target.a, src, size);
strncpy(target.a, src, size);

/* Store result to global to prevent the code from being eliminated */
fortify_scratch_space = target.a[3];
Expand Down

0 comments on commit f4e335f

Please sign in to comment.