
Commit 1286f63

string.h: Validate memtostr*()/strtomem*() arguments more carefully
Since these functions handle moving between C strings and non-C strings, they should check for the appropriate presence/lack of the nonstring attribute on arguments. Signed-off-by: Kees Cook <[email protected]>
1 parent 9f25b1f commit 1286f63


1 file changed

+12
-4
lines changed


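--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -415,8 +415,10 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
 */
 #define strtomem_pad(dest, src, pad) do { \
 const size_t _dest_len = __must_be_byte_array(dest) + \
+__must_be_noncstr(dest) + \
 ARRAY_SIZE(dest); \
-const size_t _src_len = __builtin_object_size(src, 1); \
+const size_t _src_len = __must_be_cstr(src) + \
+__builtin_object_size(src, 1); \
 \
 BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
 _dest_len == (size_t)-1); \
@@ -439,8 +441,10 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
 */
 #define strtomem(dest, src) do { \
 const size_t _dest_len = __must_be_byte_array(dest) + \
+__must_be_noncstr(dest) + \
 ARRAY_SIZE(dest); \
-const size_t _src_len = __builtin_object_size(src, 1); \
+const size_t _src_len = __must_be_cstr(src) + \
+__builtin_object_size(src, 1); \
 \
 BUILD_BUG_ON(!__builtin_constant_p(_dest_len) || \
 _dest_len == (size_t)-1); \
@@ -459,8 +463,10 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
 */
 #define memtostr(dest, src) do { \
 const size_t _dest_len = __must_be_byte_array(dest) + \
+__must_be_cstr(dest) + \
 ARRAY_SIZE(dest); \
-const size_t _src_len = __builtin_object_size(src, 1); \
+const size_t _src_len = __must_be_noncstr(src) + \
+__builtin_object_size(src, 1); \
 const size_t _src_chars = strnlen(src, _src_len); \
 const size_t _copy_len = min(_dest_len - 1, _src_chars); \
 \
@@ -485,8 +491,10 @@ void memcpy_and_pad(void *dest, size_t dest_len, const void *src, size_t count,
 */
 #define memtostr_pad(dest, src) do { \
 const size_t _dest_len = __must_be_byte_array(dest) + \
+__must_be_cstr(dest) + \
 ARRAY_SIZE(dest); \
-const size_t _src_len = __builtin_object_size(src, 1); \
+const size_t _src_len = __must_be_noncstr(src) + \
+__builtin_object_size(src, 1); \
 const size_t _src_chars = strnlen(src, _src_len); \
 const size_t _copy_len = min(_dest_len - 1, _src_chars); \
 \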
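Review bot: The kernel-doc comments that end at the `*/` context lines above strtomem_pad(), strtomem(), memtostr() and memtostr_pad() are left unchanged, so the header does not say which argument must carry the `nonstring` attribute when one of the new build-time checks fires. I would add to the strtomem*() comments a line such as `@dest must be a byte array marked __nonstring; @src must be a NUL-terminated C string without it`, and the mirror image for memtostr*(). Going by the commit message, these checks test presence or absence of the attribute only, so an unannotated source buffer that lacks a terminator would still pass `__must_be_cstr(src)`; the comment should say that the check catches mis-annotation rather than proving termination. The comment bodies and the definitions of `__must_be_cstr()`/`__must_be_noncstr()` are outside these hunks, so the wording needs checking against them.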
