lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <202310091134.67A4236E@keescook> Date: Mon, 9 Oct 2023 11:34:27 -0700 From: Kees Cook <keescook@...omium.org> To: Justin Stitt <justinstitt@...gle.com> Cc: Hauke Mehrtens <hauke@...ke-m.de>, Andrew Lunn <andrew@...n.ch>, Florian Fainelli <f.fainelli@...il.com>, Vladimir Oltean <olteanv@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] net: dsa: lantiq_gswip: replace deprecated strncpy with ethtool_sprintf On Mon, Oct 09, 2023 at 06:24:20PM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > ethtool_sprintf() is designed specifically for get_strings() usage. > Let's replace strncpy in favor of this more robust and easier to > understand interface. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Justin Stitt <justinstitt@...gle.com> > --- > Note: build-tested only. > --- > drivers/net/dsa/lantiq_gswip.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c > index 3c76a1a14aee..d60bc2e37701 100644 > --- a/drivers/net/dsa/lantiq_gswip.c > +++ b/drivers/net/dsa/lantiq_gswip.c > @@ -1759,8 +1759,7 @@ static void gswip_get_strings(struct dsa_switch *ds, int port, u32 stringset, > return; > > for (i = 0; i < ARRAY_SIZE(gswip_rmon_cnt); i++) > - strncpy(data + i * ETH_GSTRING_LEN, gswip_rmon_cnt[i].name, > - ETH_GSTRING_LEN); > + ethtool_sprintf(&data, "%s", gswip_rmon_cnt[i].name); Sorry, I read too fast: this should be "data", not "&data", yeah? -Kees > } > > static u32 gswip_bcm_ram_entry_read(struct gswip_priv *priv, u32 table, > > --- > base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2 > change-id: 20231005-strncpy-drivers-net-dsa-lantiq_gswip-c-ece909a364f7 > > Best regards, > -- > Justin Stitt <justinstitt@...gle.com> > > -- Kees Cook
Powered by blists - more mailing lists