lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFhGd8rm=KJyinG-aqFj75JqQnC0=_+6NSbcdr=wG7SqXCsppQ@mail.gmail.com> Date: Mon, 16 Oct 2023 13:52:21 -0700 From: Justin Stitt <justinstitt@...gle.com> To: Arend van Spriel <aspriel@...il.com>, Franky Lin <franky.lin@...adcom.com>, Hante Meuleman <hante.meuleman@...adcom.com>, Kalle Valo <kvalo@...nel.org> Cc: linux-wireless@...r.kernel.org, brcm80211-dev-list.pdl@...adcom.com, SHA-cyfmac-dev-list@...ineon.com, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] brcmfmac: replace deprecated strncpy with strscpy On Mon, Oct 16, 2023 at 1:48 PM Justin Stitt <justinstitt@...gle.com> wrote: > > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We expect ifp->ndev->name to be NUL-terminated based on its use in > format strings within core.c: > via brcmf_ifname() -> > 67 | char *brcmf_ifname(struct brcmf_if *ifp) > 68 | { > 69 | if (!ifp) > 70 | return "<if_null>"; > 71 | > 72 | if (ifp->ndev) > 73 | return ifp->ndev->name; > 74 | > 75 | return "<if_none>"; > 76 | } > ... > 288 | static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb, > 289 | struct net_device *ndev) { > ... > 330 | brcmf_dbg(INFO, "%s: insufficient headroom (%d)\n", > 331 | brcmf_ifname(ifp), head_delta); > ... > 336 | bphy_err(drvr, "%s: failed to expand headroom\n", > 337 | brcmf_ifname(ifp)); > > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Justin Stitt <justinstitt@...gle.com> > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > index 2a90bb24ba77..7daa418df877 100644 > --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > @@ -866,7 +866,7 @@ struct wireless_dev *brcmf_apsta_add_vif(struct wiphy *wiphy, const char *name, > goto fail; > } > > - strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1); > + strscpy(ifp->ndev->name, name, sizeof(ifp->ndev->name)); > err = brcmf_net_attach(ifp, true); > if (err) { > bphy_err(drvr, "Registering netdevice failed\n"); > > --- > base-commit: cbf3a2cb156a2c911d8f38d8247814b4c07f49a2 > change-id: 20231016-strncpy-drivers-net-wireless-broadcom-brcm80211-brcmfmac-cfg80211-c-a20108421685 > > Best regards, > -- > Justin Stitt <justinstitt@...gle.com> > Ignore this patch. It will be rolled into a series with others. Just found some more strncpy uses in broadcom/brcm80211 so I will make a series fixing them all at once. Thanks Justin
Powered by blists - more mailing lists