diff options
author | Kees Cook <keescook@chromium.org> | 2019-09-25 16:46:20 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-09-25 17:51:39 -0700 |
commit | 9a156466147b61504f4cbe97ea503e67c21e117a (patch) | |
tree | 25f41cd13e244c58bdf536c601225a05daa4caa9 /lib/string.c | |
parent | d1a445d3b86c9341ce7a0954c23be0edb5c9bec5 (diff) | |
download | lwn-9a156466147b61504f4cbe97ea503e67c21e117a.tar.gz lwn-9a156466147b61504f4cbe97ea503e67c21e117a.zip |
strscpy: reject buffer sizes larger than INT_MAX
As already done for snprintf(), add a check in strscpy() for giant (i.e.
likely negative and/or miscalculated) copy sizes, WARN, and error out.
Link: http://lkml.kernel.org/r/201907260928.23DE35406@keescook
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Joe Perches <joe@perches.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Stephen Kitt <steve@sk2.org>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'lib/string.c')
-rw-r--r-- | lib/string.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/string.c b/lib/string.c index f7bc10da4259..cd7a10c19210 100644 --- a/lib/string.c +++ b/lib/string.c @@ -183,7 +183,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count) size_t max = count; long res = 0; - if (count == 0) + if (count == 0 || WARN_ON_ONCE(count > INT_MAX)) return -E2BIG; #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS |