| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKAoaQnOfAU2LgLRwNNHion=-iHB1fSfPnfSFUQMmUyyEzu6LQ@mail.gmail.com> Date: Wed, 6 Nov 2024 21:20:10 +0100 From: Roland Mainz <roland.mainz@...bsig.org> To: open list <linux-kernel@...r.kernel.org>, Linux NFS Mailing List <linux-nfs@...r.kernel.org> Subject: Re: [PATCH] nfs_sysfs_link_rpc_client(): Replace strcpy with strscpy On Wed, Nov 6, 2024 at 3:49 AM Daniel Yang <danielyangkang@...il.com> wrote: > > The function strcpy is deprecated due to lack of bounds checking. The > recommended replacement is strscpy. > > Signed-off-by: Daniel Yang <danielyangkang@...il.com> > --- > fs/nfs/sysfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c > index bf378ecd5..f3d0b2ef9 100644 > --- a/fs/nfs/sysfs.c > +++ b/fs/nfs/sysfs.c > @@ -280,7 +280,7 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server, > char name[RPC_CLIENT_NAME_SIZE]; > int ret; > > - strcpy(name, clnt->cl_program->name); > + strscpy(name, clnt->cl_program->name); How should the "bounds checking" work in this case if you only pass two arguments ? Per https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html |strscpy()| takes three arguments... ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz@...bsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;)
Powered by blists - more mailing lists