| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210105082303.15310-1-dwaipayanray1@gmail.com>
Date: Tue, 5 Jan 2021 13:53:03 +0530
From: Dwaipayan Ray <dwaipayanray1@...il.com>
To: joe@...ches.com
Cc: dwaipayanray1@...il.com,
linux-kernel-mentees@...ts.linuxfoundation.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] checkpatch: add a new check for strcpy/strlcpy uses
strcpy() performs no bounds checking on the destination buffer.
This could result in linear overflows beyond the end of the buffer.
strlcpy() reads the entire source buffer first. This read
may exceed the destination size limit. This can be both inefficient
and lead to linear read overflows.
The safe replacement to both of these is to use strscpy() instead.
Add a new checkpatch warning which alerts the user on finding usage of
strcpy() or strlcpy().
Signed-off-by: Dwaipayan Ray <dwaipayanray1@...il.com>
---
scripts/checkpatch.pl | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index d6a4d25b0972..0003fd9de62c 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -6604,6 +6604,13 @@ sub process {
}
}
+# Check for strcpy/strlcpy uses
+ if (defined($stat) &&
+ $stat =~ /^\+(?:.*?)\b(str[l]?cpy)\s*\(/) {
+ WARN("PREFER_STRSCPY",
+ "Prefer strscpy() over $1()\n" . "$here\n$stat\n");
+ }
+
# Check for memcpy(foo, bar, ETH_ALEN) that could be ether_addr_copy(foo, bar)
# if ($perl_version_ok &&
# defined $stat &&
--
2.27.0
Powered by blists - more mailing lists