| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3AFD7702-7D6F-479C-950A-CA439E01838C@zytor.com>
Date: Wed, 07 May 2025 13:14:31 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Ruben Wauters <rubenru09@....com>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
CC: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/cpu/intel: replace deprecated strcpy with strscpy
On May 7, 2025 11:51:36 AM PDT, Ruben Wauters <rubenru09@....com> wrote:
>strcpy is deprecated due to lack of bounds checking.
>This patch replaces strcpy with strscpy, the recommended alternative for
>null terminated strings, to follow best practices.
>
>Signed-off-by: Ruben Wauters <rubenru09@....com>
>---
> arch/x86/kernel/cpu/intel.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
>index 584dd55bf739..b49bba30434d 100644
>--- a/arch/x86/kernel/cpu/intel.c
>+++ b/arch/x86/kernel/cpu/intel.c
>@@ -607,7 +607,7 @@ static void init_intel(struct cpuinfo_x86 *c)
> }
>
> if (p)
>- strcpy(c->x86_model_id, p);
>+ strscpy(c->x86_model_id, p);
> }
> #endif
>
strscpy() needs a buffer length; this patch wouldn't even compile!
Not to mention that the string in question is generated in such a way that cannot be unterminated.
Powered by blists - more mailing lists