strscpy: reject buffer sizes larger than INT_MAX

As already done for snprintf(), add a check in strscpy() for giant (i.e. likely negative and/or miscalculated) copy sizes, WARN, and error out. Link: http://lkml.kernel.org/r/201907260928.23DE35406@keescookSigned-off-by: Kees Cook <keescook@chromium.org> Cc: Joe Perches <joe@perches.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Yann Droneaud <ydroneaud@opteya.com> Cc: David Laight <David.Laight@aculab.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Stephen Kitt <steve@sk2.org> Cc: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

strscpy: reject buffer sizes larger than INT_MAX
As already done for snprintf(), add a check in strscpy() for giant (i.e. likely negative and/or miscalculated) copy sizes, WARN, and error out. Link: http://lkml.kernel.org/r/201907260928.23DE35406@keescookSigned-off-by: Kees Cook <keescook@chromium.org> Cc: Joe Perches <joe@perches.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Yann Droneaud <ydroneaud@opteya.com> Cc: David Laight <David.Laight@aculab.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Stephen Kitt <steve@sk2.org> Cc: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9a156466 · Kees Cook · Linus Torvalds · d1a445d3 · 9a156466
Commit 9a156466 authored Sep 25, 2019 by Kees Cook Committed by Linus Torvalds Sep 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

lib/string.c lib/string.c +1 -1

No files found.
--- a/lib/string.c
+++ b/lib/string.c
@@ -183,7 +183,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
 	size_t max = count;
 	long res = 0;

-	if (count == 0)
+	if (count == 0 || WARN_ON_ONCE(count > INT_MAX))
 		return -E2BIG;

 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS