| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250225122828.GM5777@twin.jikos.cz>
Date: Tue, 25 Feb 2025 13:28:28 +0100
From: David Sterba <dsterba@...e.cz>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
David Sterba <dsterba@...e.com>, linux-hardening@...r.kernel.org,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] btrfs: Replace deprecated strncpy() with strscpy_pad()
On Tue, Feb 25, 2025 at 10:29:49AM +0100, Thorsten Blum wrote:
> strncpy() is deprecated for NUL-terminated destination buffers. Use
> strscpy_pad() instead and don't zero-initialize the param array.
>
> Compile-tested only.
>
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> ---
> fs/btrfs/sysfs.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c
> index 53b846d99ece..b941fb37776d 100644
> --- a/fs/btrfs/sysfs.c
> +++ b/fs/btrfs/sysfs.c
> @@ -1330,13 +1330,13 @@ MODULE_PARM_DESC(read_policy,
>
> int btrfs_read_policy_to_enum(const char *str, s64 *value_ret)
> {
> - char param[32] = { 0 };
> + char param[32];
> char __maybe_unused *value_str;
>
> if (!str || strlen(str) == 0)
> return 0;
>
> - strncpy(param, str, sizeof(param) - 1);
> + strscpy_pad(param, str);
I don't think we need the padding, so strscpy is probably ok. We copy
input string to a temporary modifiable buffer and then match it against
a table, so the NUL termination is ok.
Powered by blists - more mailing lists