Commit 9a156466 authored by Kees Cook's avatar Kees Cook Committed by Linus Torvalds

strscpy: reject buffer sizes larger than INT_MAX

As already done for snprintf(), add a check in strscpy() for giant (i.e.
likely negative and/or miscalculated) copy sizes, WARN, and error out.

Link: http://lkml.kernel.org/r/201907260928.23DE35406@keescookSigned-off-by: default avatarKees Cook <keescook@chromium.org>
Cc: Joe Perches <joe@perches.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Stephen Kitt <steve@sk2.org>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent d1a445d3
...@@ -183,7 +183,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count) ...@@ -183,7 +183,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
size_t max = count; size_t max = count;
long res = 0; long res = 0;
if (count == 0) if (count == 0 || WARN_ON_ONCE(count > INT_MAX))
return -E2BIG; return -E2BIG;
#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment