Message-ID: <20251113192218.3c17dabc@pumpkin>
Date: Thu, 13 Nov 2025 19:22:18 +0000
From: David Laight <david.laight.linux@...il.com>
To: Shi Hao <i.shihao.999@...il.com>
Cc: pavan.chebbi@...adcom.com, mchan@...adcom.com, andrew+netdev@...n.ch,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: ethernet: broadcom: replace strcpy with strscpy

On Thu, 13 Nov 2025 13:55:17 +0530
Shi Hao <i.shihao.999@...il.com> wrote:

> Replace strcpy function calls with strscpy to ensure bounds checking
> in the destination buffer, preventing buffer overflows and improving
> security. This change aligns with current kernel coding guidelines
> and best practices.
> 
...
> -			strcpy(tp->board_part_number, "BCM5717");
> +			strscpy(tp->board_part_number, "BCM5717", TG3_BPN_SIZE);
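
Review bot: the size argument on the added strscpy() line, TG3_BPN_SIZE, is not visibly tied to tp->board_part_number anywhere in this hunk, so a reader cannot confirm from the call site that the bound matches the destination. If board_part_number is a fixed-size array, as the reply below states, the two-argument form strscpy(tp->board_part_number, "BCM5717") takes the bound from the destination itself; passing sizeof(tp->board_part_number) explicitly does the same and keeps the bound correct if the field is ever resized.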

No one really knows that TG3_BPN_SIZE is in any way related to the destination.
So this doesn't actually make the code that much better at all.

Since tp->board_part_number is an array and "BCM5717" a constant I suspect
there is already a compile-time check that the string fits.
The strcpy() will also be converted to a memcpy().

So, all in all, this makes the code worse on several fronts.

	David
