seq_file: seq_show_option_n() is used for precise sizes

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When seq_show_option_n() is used, it is for non-string memory that
happens to be printable bytes. As such, we must use memcpy() to copy the
bytes and then explicitly NUL-terminate the result.

Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Muchun Song <muchun.song@linux.dev>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230726215957.never.619-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

Kees Cook 2 years ago 630fdd59 8453e792

+4 -3

1 changed file

expand all

include

linux

seq_file.h

+4 -3

include/linux/seq_file.h

··· 249 249 250 250 /** 251 251 * seq_show_option_n - display mount options with appropriate escapes 252 - * where @value must be a specific length. 252 + * where @value must be a specific length (i.e. 253 + * not NUL-terminated). 253 254 * @m: the seq_file handle 254 255 * @name: the mount option name 255 256 * @value: the mount option name's value, cannot be NULL 256 - * @length: the length of @value to display 257 + * @length: the exact length of @value to display, must be constant expression 257 258 * 258 259 * This is a macro since this uses "length" to define the size of the 259 260 * stack buffer. 260 261 */ 261 262 #define seq_show_option_n(m, name, value, length) { \ 262 263 char val_buf[length + 1]; \ 263 - strncpy(val_buf, value, length); \ 264 + memcpy(val_buf, value, length); \ 264 265 val_buf[length] = '\0'; \ 265 266 seq_show_option(m, name, val_buf); \ 266 267 }