[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <cbca3311-2d5d-4b87-8966-e2b57d74d6e1@kadam.mountain>
Date: Thu, 10 Aug 2023 08:01:45 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Michael Straube <straube.linux@...il.com>
Cc: Greg KH <gregkh@...uxfoundation.org>, philipp.g.hortmann@...il.com,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: rtl8192e: prefer strscpy over strncpy
On Wed, Aug 09, 2023 at 08:02:05PM +0200, Michael Straube wrote:
> On 8/9/23 14:21, Greg KH wrote:
> > On Sat, Aug 05, 2023 at 09:51:14AM +0200, Michael Straube wrote:
> > > Replace strncpy with strscpy in two places where the destination buffer
> > > should be NUL-terminated. Found by checkpatch.
> > >
> > > WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90
> >
> > If a global search/replace could be done, it would have happend a long
> > time ago.
> >
> > How was this tested? The functions work differently, are you sure there
> > is no change in functionality here?
> >
>
> It was only compile tested. To me it looked as it does not change
> functionality, but looking a bit deeper at it I'm not sure anymore.
> So, we should leave it as is.
So there are three main differences between strncpy() and strcpy().
1) The return.
2) strncpy() will always write net->hidden_ssid_len bytes. If the
string to copy is smaller than net->hidden_ssid_len bytes it will
fill the rest with zeroes. This can be important for preventing
information leaks.
3) strscpy() will always add a NUL terminator where strncpy() just
truncates a too long string without adding a terminator.
We want #3. We don't care about #1. The only thing to check is #2.
regards,
dan carpenter
Powered by blists - more mailing lists