Re: [PATCH 10/17] delta: Fix buffer overrun in delta_ipc_open

From: Hugues FRUCHET
Date: Tue Apr 02 2019 - 05:59:11 EST


Hi Andi,

So do both, memset then strscpy:

+ memset(msg.name, 0, sizeof(msg.name));
+ if (strscpy(msg.name, name, sizeof(msg.name)) <= 0)
+ goto err;
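Review bot: The `<= 0` test on the strscpy() return value also sends an empty name to `err`, because strscpy() returns the number of characters copied (0 for an empty string) and a negative value (-E2BIG) only on truncation or a zero-size destination. If only truncation is meant to be rejected, compare with `< 0`; if an empty name is meant to fail too, a short comment saying so would help. The hunk also shows no error code being set before `goto err`, so check that the error path returns a meaningful value, for example by storing the strscpy() result, rather than whatever the return variable held before.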

BR,
Hugues.

On 4/1/19 6:54 PM, Andi Kleen wrote:
> On Mon, Apr 01, 2019 at 01:37:56PM +0000, Hugues FRUCHET wrote:
>> Hi Andi,
>>
>> We have already discussed that here:
>> https://lore.kernel.org/patchwork/patch/866406/
>>
>> Now that strscpy is largely deployed within kernel, could you retest
>> with the change I suggested?
>
> strscpy is not the correct fix because it leaks uninitialized memory
> to the receiver. You need the memset.
>
> -Andi
>
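The leak Andi describes, shown as an added example that is not code from this thread or from the driver: a userspace model of strscpy() fills a stack buffer only up to the NUL, so the rest of the buffer still holds stale data unless it is cleared first. `NAME_LEN`, `struct demo_msg`, `model_strscpy` and `stale_bytes_sent` are hypothetical names, and 0xAA is constructed filler standing in for uninitialized stack contents.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32   /* assumed size; the real size of msg.name is not shown in the thread */
#define DEMO_E2BIG 7  /* stands in for the kernel's E2BIG */

struct demo_msg { char name[NAME_LEN]; };  /* hypothetical stand-in for the IPC message */

/* Userspace model of strscpy(): always NUL-terminates, returns the copied
 * length or -E2BIG on truncation, and does not clear the rest of the buffer. */
static long model_strscpy(char *dst, const char *src, size_t count)
{
    size_t i;

    if (count == 0)
        return -DEMO_E2BIG;
    for (i = 0; i < count - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -DEMO_E2BIG;
}

/* Fill the message with 0xAA (constructed stale stack data), copy the name
 * with or without the memset, and count stale bytes left after the NUL. */
static size_t stale_bytes_sent(const char *name, int do_memset, long *ret)
{
    struct demo_msg m;
    size_t i = 0, stale = 0;

    memset(&m, 0xAA, sizeof(m));
    if (do_memset)
        memset(m.name, 0, sizeof(m.name));
    *ret = model_strscpy(m.name, name, sizeof(m.name));
    while (i < NAME_LEN && m.name[i] != '\0')
        i++;
    for (; i < NAME_LEN; i++)
        if (m.name[i] != '\0')
            stale++;
    return stale;
}

int main(void)
{
    long ret;

    printf("strscpy only:     %zu stale bytes\n", stale_bytes_sent("delta", 0, &ret));
    printf("memset + strscpy: %zu stale bytes\n", stale_bytes_sent("delta", 1, &ret));
    return 0;
}
```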