lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAD=FV=WtB7BB0vo9FDncgCraCwLMZyYZHYKhs5BprzDcHYQFWQ@mail.gmail.com>
Date: Mon, 18 Aug 2025 09:17:47 -0700
From: Doug Anderson <dianders@...omium.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Jason Wessel <jason.wessel@...driver.com>, Daniel Thompson <danielt@...nel.org>, 
	"Dr. David Alan Gilbert" <linux@...blig.org>, Zhang Heng <zhangheng@...inos.cn>, 
	linux-hardening@...r.kernel.org, kgdb-bugreport@...ts.sourceforge.net, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kdb: Replace deprecated strcpy() with strscpy()

Hi,

On Mon, Aug 18, 2025 at 4:03 AM Thorsten Blum <thorsten.blum@...ux.dev> wrote:
>
> Hi Doug,
>
> On 19. Jul 2025, at 00:48, Doug Anderson wrote:
> > On Fri, Jul 18, 2025 at 2:40 PM Thorsten Blum wrote:
> >>
> >> strcpy() is deprecated; use strscpy() instead.
> >>
> >> Link: https://github.com/KSPP/linux/issues/88
> >> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> >> ---
> >> kernel/debug/kdb/kdb_support.c | 4 +++-
> >> 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > nit: Since this only covers things in the file `kdb_support.c` and not
> > everything in kernel/debug/kdb, perhaps that should be in the subject
> > line? Maybe "kdb: Replace deprecated strcpy() with strscpy() in
> > kdb_strdup()"?
> >
> > Other than that, this looks fine to me.
> >
> > Reviewed-by: Douglas Anderson <dianders@...omium.org>
>
> I'm preparing a patch series for Daniel with my kdb changes.
>
> For this one here, I initially used:
>
>         strscpy(s, str, n);
>         return s;
>
> to replace 'return strcpy(s, str);', but now prefer:
>
>         memcpy(s, str, n);
>         return s;
>
> because we already know the string length 'n'.
>
> Can I keep your Reviewed-by: tag when making this change and submitting
> it as part of a patch series?

Sure.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ