tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'ipsec-next-2025-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2025-09-26

1) Fix field-spanning memcpy warning in AH output.
From Charalampos Mitrodimas.

2) Replace the strcpy() calls for alg_name by strscpy().
From Miguel García.

* tag 'ipsec-next-2025-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
xfrm: xfrm_user: use strscpy() for alg_name
net: ipv6: fix field-spanning memcpy warning in AH output
====================

Link: https://patch.msgid.link/20250926053025.2242061-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski ed6cfe86 94aced6e

+36 -24
+31 -19
net/ipv6/ah6.c
··· 46 46 47 47 #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) 48 48 49 + /* Helper to save IPv6 addresses and extension headers to temporary storage */ 50 + static inline void ah6_save_hdrs(struct tmp_ext *iph_ext, 51 + struct ipv6hdr *top_iph, int extlen) 52 + { 53 + if (!extlen) 54 + return; 55 + 56 + #if IS_ENABLED(CONFIG_IPV6_MIP6) 57 + iph_ext->saddr = top_iph->saddr; 58 + #endif 59 + iph_ext->daddr = top_iph->daddr; 60 + memcpy(&iph_ext->hdrs, top_iph + 1, extlen - sizeof(*iph_ext)); 61 + } 62 + 63 + /* Helper to restore IPv6 addresses and extension headers from temporary storage */ 64 + static inline void ah6_restore_hdrs(struct ipv6hdr *top_iph, 65 + struct tmp_ext *iph_ext, int extlen) 66 + { 67 + if (!extlen) 68 + return; 69 + 70 + #if IS_ENABLED(CONFIG_IPV6_MIP6) 71 + top_iph->saddr = iph_ext->saddr; 72 + #endif 73 + top_iph->daddr = iph_ext->daddr; 74 + memcpy(top_iph + 1, &iph_ext->hdrs, extlen - sizeof(*iph_ext)); 75 + } 76 + 49 77 static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, 50 78 unsigned int size) 51 79 { ··· 329 301 memcpy(ah->auth_data, icv, ahp->icv_trunc_len); 330 302 memcpy(top_iph, iph_base, IPV6HDR_BASELEN); 331 303 332 - if (extlen) { 333 - #if IS_ENABLED(CONFIG_IPV6_MIP6) 334 - memcpy(&top_iph->saddr, iph_ext, extlen); 335 - #else 336 - memcpy(&top_iph->daddr, iph_ext, extlen); 337 - #endif 338 - } 304 + ah6_restore_hdrs(top_iph, iph_ext, extlen); 339 305 340 306 kfree(AH_SKB_CB(skb)->tmp); 341 307 xfrm_output_resume(skb->sk, skb, err); ··· 400 378 */ 401 379 memcpy(iph_base, top_iph, IPV6HDR_BASELEN); 402 380 381 + ah6_save_hdrs(iph_ext, top_iph, extlen); 403 382 if (extlen) { 404 - #if IS_ENABLED(CONFIG_IPV6_MIP6) 405 - memcpy(iph_ext, &top_iph->saddr, extlen); 406 - #else 407 - memcpy(iph_ext, &top_iph->daddr, extlen); 408 - #endif 409 383 err = ipv6_clear_mutable_options(top_iph, 410 384 extlen - sizeof(*iph_ext) + 411 385 sizeof(*top_iph), ··· 452 434 memcpy(ah->auth_data, icv, ahp->icv_trunc_len); 453 435 memcpy(top_iph, iph_base, IPV6HDR_BASELEN); 454 436 455 - if (extlen) { 456 - #if IS_ENABLED(CONFIG_IPV6_MIP6) 457 - memcpy(&top_iph->saddr, iph_ext, extlen); 458 - #else 459 - memcpy(&top_iph->daddr, iph_ext, extlen); 460 - #endif 461 - } 437 + ah6_restore_hdrs(top_iph, iph_ext, extlen); 462 438 463 439 out_free: 464 440 kfree(iph_base);
+5 -5
net/xfrm/xfrm_user.c
··· 593 593 if (!p) 594 594 return -ENOMEM; 595 595 596 - strcpy(p->alg_name, algo->name); 596 + strscpy(p->alg_name, algo->name); 597 597 *algpp = p; 598 598 return 0; 599 599 } ··· 620 620 if (!p) 621 621 return -ENOMEM; 622 622 623 - strcpy(p->alg_name, algo->name); 623 + strscpy(p->alg_name, algo->name); 624 624 x->ealg = p; 625 625 x->geniv = algo->uinfo.encr.geniv; 626 626 return 0; ··· 649 649 if (!p) 650 650 return -ENOMEM; 651 651 652 - strcpy(p->alg_name, algo->name); 652 + strscpy(p->alg_name, algo->name); 653 653 p->alg_key_len = ualg->alg_key_len; 654 654 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 655 655 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8); ··· 684 684 if (!p) 685 685 return -ENOMEM; 686 686 687 - strcpy(p->alg_name, algo->name); 687 + strscpy(p->alg_name, algo->name); 688 688 if (!p->alg_trunc_len) 689 689 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 690 690 ··· 714 714 if (!p) 715 715 return -ENOMEM; 716 716 717 - strcpy(p->alg_name, algo->name); 717 + strscpy(p->alg_name, algo->name); 718 718 x->aead = p; 719 719 x->geniv = algo->uinfo.aead.geniv; 720 720 return 0;