lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 20 Nov 2023 10:59:45 +0100
From: Christian König <>
To: "T.J. Mercier" <>, Kees Cook <>
Cc: Sumit Semwal <>,,, Azeem Shaikh <>,,,
Subject: Re: [PATCH] dma-buf: Replace strlcpy() with strscpy()

Am 17.11.23 um 19:50 schrieb T.J. Mercier:
> On Thu, Nov 16, 2023 at 11:14 AM Kees Cook <> wrote:
>> strlcpy() reads the entire source buffer first. This read may exceed
>> the destination size limit. This is both inefficient and can lead
>> to linear read overflows if a source string is not NUL-terminated[1].
>> Additionally, it returns the size of the source string, not the
>> resulting size of the destination string. In an effort to remove strlcpy()
>> completely[2], replace strlcpy() here with strscpy().
>> Link: [1]
>> Link: [2]
>> Cc: Sumit Semwal <>
>> Cc: "Christian König" <>
>> Cc: Azeem Shaikh <>
>> Cc:
>> Cc:
>> Cc:
>> Signed-off-by: Kees Cook <>
> Reviewed-by: T.J. Mercier <>
> strscpy returns -E2BIG when it truncates / force null-terminates which
> would provide the wrong argument for dynamic_dname, but
> dma_buf_set_name{_user} makes sure we have a null-terminated string of
> the appropriate maximum size in dmabuf->name.

Thanks for that background check, I was about to note that this might 
not be a good idea.

Linus pretty clearly stated that he doesn't want to see patches like 
that one here, see this article as well.

I think the commit message gives enough reason to merge the patch, so 
I'm going to push it to drm-misc-next. But please make sure to triple 
check stuff like this before sending.


Powered by blists - more mailing lists