mirror of https://github.com/torvalds/linux.git
a0a76e3f8d
strncpy() is deprecated for NUL-terminated destination buffers; use strscpy_pad() instead to retain the NUL-padding behavior of strncpy(). The destination buffer is initialized using kzalloc() with a 'signature' size of ECRYPTFS_PASSWORD_SIG_SIZE + 1. strncpy() then copies up to ECRYPTFS_PASSWORD_SIG_SIZE bytes from 'key_desc', NUL-padding any remaining bytes if needed, but expects the last byte to be zero. strscpy_pad() also copies the source string to 'signature', and NUL-pads the destination buffer if needed, but ensures it's always NUL-terminated without relying on it being zero-initialized. strscpy_pad() automatically determines the size of the fixed-length destination buffer via sizeof() when the optional size argument is omitted, making an explicit size unnecessary. In encrypted_init(), the source string 'key_desc' is validated by valid_ecryptfs_desc() before calling ecryptfs_fill_auth_tok(), and is therefore NUL-terminated and satisfies the __must_be_cstr() requirement of strscpy_pad(). Link: https://github.com/KSPP/linux/issues/90 Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> |
||
|---|---|---|
| .. | ||
| Makefile | ||
| ecryptfs_format.c | ||
| ecryptfs_format.h | ||
| encrypted.c | ||
| encrypted.h | ||
| masterkey_trusted.c | ||