| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250311083701.6947bd0d@batman.local.home> Date: Tue, 11 Mar 2025 08:37:01 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: Thorsten Blum <thorsten.blum@...ux.dev> Cc: Masami Hiramatsu <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org Subject: Re: [PATCH] tracing/synthetic: Replace deprecated strncpy() with strscpy() On Mon, 10 Mar 2025 21:03:58 +0100 Thorsten Blum <thorsten.blum@...ux.dev> wrote: > diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c > index e3f7d09e5512..4b51f74897b4 100644 > --- a/kernel/trace/trace_events_synth.c > +++ b/kernel/trace/trace_events_synth.c > @@ -207,8 +207,7 @@ static int synth_field_string_size(char *type) > if (len == 0) > return 0; /* variable-length string */ > > - strncpy(buf, start, len); > - buf[len] = '\0'; > + strscpy(buf, start, len + 1); > > err = kstrtouint(buf, 0, &size); > if (err) > - Looking at the code, it calculates the start and end by scanning the string. I think it's better to just use memcpy() instead. It's not like it's copying a random string passed in. -- Steve
Powered by blists - more mailing lists