lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZQdbK95P/GRNQo1F@HP-ENVY-Notebook>
Date:   Sun, 17 Sep 2023 22:01:47 +0200
From:   Jonathan Bergh <bergh.jonathan@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: vme_user: Replace strcpy with strscpy

On Sun, Sep 17, 2023 at 06:24:35PM +0200, Greg KH wrote:
> On Sun, Sep 17, 2023 at 05:43:02PM +0200, Jonathan Bergh wrote:
> > Replace strcpy with strscpy as preferred by checkpatch in vme_fake.c to
> > prevent warnings.
> > 
> > Signed-off-by: Jonathan Bergh <bergh.jonathan@...il.com>
> > ---
> >  drivers/staging/vme_user/vme_fake.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/staging/vme_user/vme_fake.c b/drivers/staging/vme_user/vme_fake.c
> > index 9bcb89a84d53..0cf5700e151f 100644
> > --- a/drivers/staging/vme_user/vme_fake.c
> > +++ b/drivers/staging/vme_user/vme_fake.c
> > @@ -1093,7 +1093,7 @@ static int __init fake_init(void)
> >  	tasklet_init(&fake_device->int_tasklet, fake_VIRQ_tasklet,
> >  			(unsigned long) fake_bridge);
> >  
> > -	strcpy(fake_bridge->name, driver_name);
> > +	strscpy(fake_bridge->name, driver_name, sizeof(fake_bridge->name));
> 

Hi, thanks a lot for the review + comment.

> If it were this easy, we would have swept the tree and done so, right?
> Are you sure this is correct?  If so, please document exactly why it is
> correct in the changelog text when you resend this.

Thought it better to discuss before sending an updated patch
that might be wrong. 

I think it is correct since driver_name:
  * In: vme_fake.c:
	static const char driver_name[] = "vme_fake": 

will always fit into vme_bridge->name:
  * In: vme_bridge.h:
	...
	#define VMENAMSIZ 16
	...
	struct vme_bridge {
		...
		char name[VMENAMSIZ];
		...
	}

but I could have missed something. This is in the module __init
method and i dont see that name pointer being reassigned before
the strcpy call (which was changed).

Maybe its not worth changing, but (if it is correct) it would get
rid of the checkpatch warning and convert to the "preferred" API?

> 
> thanks,
> 
> greg k-h

FWIW Wouldnt it always be better to use the "safe" option since it 
at worst its going to truncate the destination string rather than 
write off the end of the array? 

thanks in advance
cheers
Jonathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ