lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAJZ5v0hyROLY9aR+5vqBWzwy3O0ncCapAYuAMp0X_HkWaj=ecQ@mail.gmail.com>
Date: Thu, 4 Jul 2024 14:22:57 +0200
From: "Rafael J. Wysocki" <rafael@...nel.org>
To: Muhammad Qasim Abdul Majeed <qasim.majeed20@...il.com>
Cc: rafael@...nel.org, lenb@...nel.org, linux-acpi@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] Updating a deprecated use of strcpy.

On Wed, Jul 3, 2024 at 10:49 AM Muhammad Qasim Abdul Majeed
<qasim.majeed20@...il.com> wrote:
>
> Replacing strcpy with strscpy.
> strcpy is a deprecated function.
> It should be removed from the kernel source.
>
> Link: https://github.com/KSPP/linux/issues/88
>
> Signed-off-by: Muhammad Qasim Abdul Majeed <qasim.majeed20@...il.com>
>
> > Replacing strcpy with strscpy and memory bound the copy.
>
> > Why?  In this particular case, it is not fundamentally necessary.
>
> > strcpy is a deprecated function. It should be removed from the kernel source.
>
> > If the goal is to get rid of all strcpy() calls from the kernel
> > because using it is generally unsafe, just say so in the changelog and
> > it will be fine.
> changelog has been updated.
>
> > So is it necessary to use the size argument here and below?
> Size argument is not necessary as destination is an array of 40 bytes. Patch has been updated.
>
> > for that to work, shouldn't the size of the *destination* buffer be
> > passed, instead of the length of the string we want to copy?
> Yes, size of the destination should be passed.
>
> > Not tested, but the 3rd argument of strscpy () is optional.
> > (https://elixir.bootlin.com/linux/v6.10-rc6/source/include/linux/string.h#L87),
> > so maybe just:
>
> >        strscpy(acpi_device_name(device), ACPI_VIDEO_DEVICE_NAME);
> Thank you for sharing the reference, this suggestion will do the work and accomodated in the patch.
>
> ---
>         v2 -> v3: Changelog has been updated. size argument has been removed.
>
>  drivers/acpi/acpi_video.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
> index 1fda30388297..8274a17872ed 100644
> --- a/drivers/acpi/acpi_video.c
> +++ b/drivers/acpi/acpi_video.c
> @@ -1128,8 +1128,8 @@ static int acpi_video_bus_get_one_device(struct acpi_device *device, void *arg)
>                 return -ENOMEM;
>         }
>
> -       strcpy(acpi_device_name(device), ACPI_VIDEO_DEVICE_NAME);
> -       strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
> +       strscpy(acpi_device_name(device), ACPI_VIDEO_DEVICE_NAME);
> +       strscpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
>
>         data->device_id = device_id;
>         data->video = video;
> @@ -2010,8 +2010,8 @@ static int acpi_video_bus_add(struct acpi_device *device)
>         }
>
>         video->device = device;
> -       strcpy(acpi_device_name(device), ACPI_VIDEO_BUS_NAME);
> -       strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
> +       strscpy(acpi_device_name(device), ACPI_VIDEO_BUS_NAME);
> +       strscpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
>         device->driver_data = video;
>
>         acpi_video_bus_find_cap(video);
> --

Applied as 6.11 material with edited subject and changelog, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ