Hi, On Sat, 1 Dec 2018, Qian Cai wrote: > To make overflows as obvious as possible and to prevent code from blithely > proceeding with a truncated string. This also has a side-effect to fix a > compilation warning when using GCC 8.2.1. > > net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get': > net/netfilter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32 > bytes into a region of size 2 overflows the destination > [-Wstringop-overflow=] > > Signed-off-by: Qian Cai <cai@xxxxxx> Patch is applied with a slight modification, see below: > Changelog: > * v2: > - Released the lock for the error-path as well. > * v1: > - Checked the return value. > > net/netfilter/ipset/ip_set_core.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 1577f2f76060..33929fb645b6 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -2024,9 +2024,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > } > nfnl_lock(NFNL_SUBSYS_IPSET); > set = ip_set(inst, req_get->set.index); > - strncpy(req_get->set.name, set ? set->name : "", > - IPSET_MAXNAMELEN); > + ret = strscpy(req_get->set.name, set ? set->name : "", > + IPSET_MAXNAMELEN); > nfnl_unlock(NFNL_SUBSYS_IPSET); > + if (ret == -E2BIG) I replaced the condition with if (ret < 0) so that it can handle future error codes from strscpy() as well. > + goto done; > goto copy; > } > default: Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
