Message-ID: <20251022175059.7653c2e0@pumpkin>
Date: Wed, 22 Oct 2025 17:50:59 +0100
From: David Laight <david.laight.linux@...il.com>
To: Krzysztof Kozlowski <krzk@...nel.org>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>, Huisong Li
 <lihuisong@...wei.com>, Krzysztof Kozlowski
 <krzysztof.kozlowski@...aro.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in
 alarms_store

On Mon, 20 Oct 2025 09:01:08 +0200
Krzysztof Kozlowski <krzk@...nel.org> wrote:

> On 17/10/2025 19:00, Thorsten Blum wrote:
> > strcpy() is deprecated because it can overflow when the destination
> > buffer is not large enough for the source string. Replace it with  
> 
> It cannot overflow. Look at the code - memory is allocated for the size.
> 
> > strscpy(), which avoids overflows and guarantees NUL-termination.  
> 
> Maybe NUL-termination is missing, could be.
> 
> Anyway please write commit msg describing this exact code, not a generic
> one for work replacing strcpy(). Your generic commit msg is just not
> applicable here.
> 
> And even there, just look at the code - why exactly cannot it be
> simplified into kstrdup?

Or use a different function for numeric conversion that behaves like
the userspace strtoul() family and returns a pointer to the character
that fails the conversion - and then check it is a space.

Then there isn't any need to copy the string at all.

	David

> 
> 
> 
> Best regards,
> Krzysztof
> 
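
The approach David suggests above, sketched as an added example that is not part of the original thread or of the w1_therm driver: userspace C that uses the end pointer from strtol() to parse in place and checks that the conversion stopped at a space. The names parse_int and parse_pair, and the input format of two space-separated integers, are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Convert one decimal integer at *p; on success advance *p past it. */
static int parse_int(const char **p, int *out)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(*p, &end, 10);
	if (end == *p)			/* nothing was converted */
		return -EINVAL;
	if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
		return -ERANGE;
	*out = (int)v;
	*p = end;			/* first character strtol() did not consume */
	return 0;
}

/* Hypothetical helper: parse "<a> <b>" straight from buf, with no copy. */
int parse_pair(const char *buf, int *a, int *b)
{
	const char *p = buf;
	int ret;

	ret = parse_int(&p, a);
	if (ret)
		return ret;
	if (*p != ' ')			/* the separator must be a space */
		return -EINVAL;
	ret = parse_int(&p, b);		/* strtol() skips the leading space */
	if (ret)
		return ret;
	if (*p == '\n')			/* allow one trailing newline */
		p++;
	return *p == '\0' ? 0 : -EINVAL;
}

int main(void)
{
	int a, b;
	int ret = parse_pair("-10 25\n", &a, &b);	/* constructed input */

	printf("ret=%d a=%d b=%d\n", ret, a, b);
	return 0;
}
```

Because the input is never copied, there is no destination buffer to size and no terminator to place; the only requirement is that the input itself is NUL-terminated.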

