| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250620122715.GR4037@twin.jikos.cz> Date: Fri, 20 Jun 2025 14:27:15 +0200 From: David Sterba <dsterba@...e.cz> To: Brahmajit Das <listout@...tout.xyz> Cc: linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, linux-btrfs@...r.kernel.org, clm@...com, josef@...icpanda.com, dsterba@...e.com, kees@...nel.org, ailiop@...e.com, Mark Harmstone <mark@...mstone.com> Subject: Re: [PATCH v3] btrfs: replace deprecated strcpy with strscpy On Fri, Jun 20, 2025 at 07:13:44AM +0530, Brahmajit Das wrote: > strcpy is deprecated due to lack of bounds checking. This patch replaces > strcpy with strscpy, the recommended alternative for null terminated > strings, to follow best practices. > > There are instances where strscpy cannot be used such as where both the > source and destination are character pointers. In that instance we can > use sysfs_emit or a memcpy. > > Update in v2: using sysfs_emit instead of scnprintf > Update in v3: Removed string.h in xattr, since we are not using any > fucntions from string.h and fixed length in memcpy in volumes.c This should be placed under the "---" marker. If it's a new information relevant for the patch then it should be a normal part of the changelog. > No functional changes intended. No need to write this. > > Link: https://github.com/KSPP/linux/issues/88 No newline here. > Suggested-by: Anthony Iliopoulos <ailiop@...e.com> > Suggested-by: Mark Harmstone <mark@...mstone.com> > Signed-off-by: Brahmajit Das <listout@...tout.xyz> Otherwise it looks good, thanks.
Powered by blists - more mailing lists