lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 01 Aug 2021 09:55:28 -0700
From:   Joe Perches <>
To:     "Russell King (Oracle)" <>,
        Len Baker <>
Cc:     Kees Cook <>,
        Dmitry Torokhov <>,
        Lee Jones <>,
        Uwe Kleine-K├Ânig 
Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of

On Sun, 2021-08-01 at 09:39 -0700, Joe Perches wrote:
> On Sun, 2021-08-01 at 16:00 +0100, Russell King (Oracle) wrote:
> > On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote:
> > > strcpy() performs no bounds checking on the destination buffer. This
> > > could result in linear overflows beyond the end of the buffer, leading
> > > to all kinds of misbehaviors. The safe replacement is strscpy().
> > So if the string doesn't fit, it's fine to silently truncate it?
> > 
> > Rather than converting every single strcpy() in the kernel to
> > strscpy(), maybe there should be some consideration given to how the
> > issue of a strcpy() that overflows the buffer should be handled.
> > E.g. in the case of a known string such as the above, if it's longer
> > than the destination, should we find a way to make the compiler issue
> > a warning at compile time?

(apologies for the earlier blank reply, sometimes I dislike my email client)

stracpy could do that with a trivial addition like below:

Old lkml references:

But Linus T wants a copy_string mechanism instead:

 * stracpy - Copy a C-string into an array of char/u8/s8 or equivalent
 * @dest: Where to copy the string, must be an array of char and not a pointer
 * @src: String to copy, may be a pointer or const char array
 * Helper for strscpy().
 * Copies a maximum of sizeof(@dest) bytes of @src with %NUL termination.
 * A BUILD_BUG_ON is used for cases where @dest is not a char array or
 * @src is a char array and is larger than @dest.
 * Returns:
 * * The number of characters copied (not including the trailing %NUL)
 * * -E2BIG if @dest is a zero size array or @src was truncated.
#define stracpy(dest, src)						\
({									\
	BUILD_BUG_ON(!(__same_type(dest, char[]) ||			\
		       __same_type(dest, unsigned char[]) ||		\
		       __same_type(dest, signed char[])));		\
	BUILD_BUG_ON((__same_type(src, char[]) ||			\
		      __same_type(src, unsigned char[]) ||		\
		      __same_type(src, signed char[])) &&		\
		     ARRAY_SIZE(src) > ARRAY_SIZE(dest));		\
	strscpy(dest, src, ARRAY_SIZE(dest));				\

Powered by blists - more mailing lists