summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrancis Laniel <laniel_francis@privacyrequired.com>2020-11-15 18:08:04 +0100
committerJakub Kicinski <kuba@kernel.org>2020-11-16 08:08:54 -0800
commit8eeb99bc81bc1cb3d5e5323d9a82d8392e3a27b4 (patch)
tree960a5bf156785c6bc904626dd94463d61a07eced
parent41294e6a434d4f19e957c55b275ea0324f275009 (diff)
Fix unefficient call to memset before memcpu in nla_strlcpy.
Before this commit, nla_strlcpy first memseted dst to 0 then wrote src into it. This is inefficient because bytes whom number is less than src length are written twice. This patch solves this issue by first writing src into dst then fill dst with 0's. Note that, in the case where src length is higher than dst, only 0 is written. Otherwise there are as many 0's written to fill dst. For example, if src is "foo\0" and dst is 5 bytes long, the result will be: 1. "fooGG" after memcpy (G means garbage). 2. "foo\0\0" after memset. Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--lib/nlattr.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/nlattr.c b/lib/nlattr.c
index 74019c8ebf6b..07156e581997 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -731,8 +731,9 @@ size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
if (dstsize > 0) {
size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;
- memset(dst, 0, dstsize);
memcpy(dst, src, len);
+ /* Zero pad end of dst. */
+ memset(dst + len, 0, dstsize - len);
}
return srclen;