strscpy: zero any trailing garbage bytes in the destination

commit 990486c8af044f89bddfbde1d1cf9fde449bedbf upstream. It's possible that the destination can be shadowed in userspace (as, for example, the perf buffers are now). So we should take care not to leak data that could be inspected by userspace. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Chris Metcalf <cmetcalf@ezchip.com> 2015-10-06 12:37:41 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-08-11 09:30:09 -0700
commit: 588b2464f3e5467902c6ebf56d10339793147155 (patch)
tree: 0cac3b1769288d15a385ac5acbe2e56240b9a446 /lib
parent: a7191e904907108f470dfdaabccf905e0be34265 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/string.c b/lib/string.c
index a93dac298f93..8e8a2e9e9522 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -211,12 +211,13 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
 		unsigned long c, data;
 
 		c = *(unsigned long *)(src+res);
-		*(unsigned long *)(dest+res) = c;
 		if (has_zero(c, &data, &constants)) {
 			data = prep_zero_mask(c, data, &constants);
 			data = create_zero_mask(data);
+			*(unsigned long *)(dest+res) = c & zero_bytemask(data);
 			return res + find_zero(data);
 		}
+		*(unsigned long *)(dest+res) = c;
 		res += sizeof(unsigned long);
 		count -= sizeof(unsigned long);
 		max -= sizeof(unsigned long);
author	Chris Metcalf <cmetcalf@ezchip.com>	2015-10-06 12:37:41 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-08-11 09:30:09 -0700
commit	588b2464f3e5467902c6ebf56d10339793147155 (patch)
tree	0cac3b1769288d15a385ac5acbe2e56240b9a446 /lib
parent	a7191e904907108f470dfdaabccf905e0be34265 (diff)