lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202505190651.943F729@keescook>
Date: Mon, 19 May 2025 06:52:13 -0700
From: Kees Cook <kees@...nel.org>
To: Ethan Carter Edwards <ethan@...ancedwards.com>
Cc: Theodore Ts'o <tytso@....edu>,
	Andreas Dilger <adilger.kernel@...ger.ca>,
	linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] ext4: replace strcpy() with '.' assignment

On Sun, May 18, 2025 at 11:54:21PM -0400, Ethan Carter Edwards wrote:
> strcpy() is deprecated; assignment can be used instead which
> theoretically/potentially increases speed as a function call is removed.
> 
> Straight assignment works because the strings are not null-terminated
> which means they don't strictly require a str(s)cpy call.
> 
> No functional changes intended.
> 
> Link: https://github.com/KSPP/linux/issues/88
> Suggested-by: Theodore Ts'o <tytso@....edu>
> Signed-off-by: Ethan Carter Edwards <ethan@...ancedwards.com>
> ---
> There's an ongoing effort to remove calls to strcpy throughout the
> kernel.
> 
> Link: https://github.com/KSPP/linux/issues/88
> ---
> Changes in v2:
> - completely remove the call to strcpy and replace it with assignment
>   off of Theo's suggestion. Thanks.
> - Link to v1: https://lore.kernel.org/r/20250518-ext4-strcpy-v1-1-6c8a82ff078f@ethancedwards.com
> ---
>  fs/ext4/inline.c | 4 ++--
>  fs/ext4/namei.c  | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
> index 2c9b762925c72f2ff5a402b02500370bc1eb0eb1..f3bc8b3904a8a9b55162f002b5bd63a527b290a5 100644
> --- a/fs/ext4/inline.c
> +++ b/fs/ext4/inline.c
> @@ -1314,7 +1314,7 @@ int ext4_inlinedir_to_tree(struct file *dir_file,
>  		if (pos == 0) {
>  			fake.inode = cpu_to_le32(inode->i_ino);
>  			fake.name_len = 1;
> -			strcpy(fake.name, ".");
> +			fake.name[0] = ".";

This means the trailing NUL byte isn't being copied any more? That seems
like a big change, even if name_len is being used for length tracking.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ