| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Nov 2023 14:00:28 -0800
From: Kees Cook <keescook@...omium.org>
To: Shahed Shaikh <shshaikh@...vell.com>,
Manish Chopra <manishc@...vell.com>,
GR-Linux-NIC-Dev@...vell.com,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Justin Stitt <justinstitt@...gle.com>
Cc: Kees Cook <keescook@...omium.org>,
netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH] qlcnic: replace deprecated strncpy with strscpy
On Thu, 12 Oct 2023 19:44:29 +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect fw_info->fw_file_name to be NUL-terminated based on its use
> within _request_firmware_prepare() wherein `name` refers to it:
> | if (firmware_request_builtin_buf(firmware, name, dbuf, size)) {
> | dev_dbg(device, "using built-in %s\n", name);
> | return 0; /* assigned */
> | }
> ... and with firmware_request_builtin() also via `name`:
> | if (strcmp(name, b_fw->name) == 0) {
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] qlcnic: replace deprecated strncpy with strscpy
https://git.kernel.org/kees/c/f8bef1ef8095
Take care,
--
Kees Cook
Powered by blists - more mailing lists