| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202504081642.6A3104D@keescook> Date: Tue, 8 Apr 2025 16:42:42 -0700 From: Kees Cook <kees@...nel.org> To: Thorsten Blum <thorsten.blum@...ux.dev> Cc: James Smart <james.smart@...adcom.com>, Ram Vegesna <ram.vegesna@...adcom.com>, "James E.J. Bottomley" <James.Bottomley@...senpartnership.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-hardening@...r.kernel.org, linux-scsi@...r.kernel.org, target-devel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] scsi: elx: sli4: Replace deprecated strncpy() with strscpy() On Tue, Apr 08, 2025 at 12:28:40PM +0200, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers; use > strscpy() instead. > > Since sli_config_cmd_init() already zeroes out the destination buffers, > the potential NUL-padding by strncpy() is unnecessary. strscpy() copies > only the required characters and guarantees NUL-termination. > > And since all three destination buffers have a fixed length, strscpy() > automatically determines their size using sizeof() when the argument is > omitted. This makes any explicit sizeof() calls unnecessary. > > The source strings are also NUL-terminated and meet the __must_be_cstr() > requirement of strscpy(). > > No functional changes intended. > > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev> Reviewed-by: Kees Cook <kees@...nel.org> -- Kees Cook
Powered by blists - more mailing lists