lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251119130231.171352-1-thorsten.blum@linux.dev>
Date: Wed, 19 Nov 2025 14:02:30 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: David Laight <david.laight.linux@...il.com>,
	Namjae Jeon <linkinjeon@...nel.org>,
	Steve French <smfrench@...il.com>,
	Sergey Senozhatsky <senozhatsky@...omium.org>,
	Tom Talpey <tom@...pey.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
	linux-cifs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v2] ksmbd: Replace strcpy + strcat to improve convert_to_nt_pathname

strcpy() is deprecated [1] and using strcat() is discouraged. Replace
them by assigning the prefix directly and by using memcpy() to copy the
pathname. Using memcpy() is safe because we already know the length of
the source string and that it is guaranteed to be NUL-terminated.

Allocate only as many bytes as needed and replace kzalloc() with
kmalloc() since memcpy() overwrites the entire buffer anyway.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
Changes in v2:
- Assign the prefix directly if needed
- Use memcpy() instead of scnprintf() (David)
- Allocate only as many bytes as needed
- Replace kzalloc() with kmalloc()
- Update patch title and description
- Link to v1: https://lore.kernel.org/lkml/20251118122555.75624-2-thorsten.blum@linux.dev/
---
 fs/smb/server/misc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/fs/smb/server/misc.c b/fs/smb/server/misc.c
index cb2a11ffb23f..a543ec9d3581 100644
--- a/fs/smb/server/misc.c
+++ b/fs/smb/server/misc.c
@@ -164,6 +164,8 @@ char *convert_to_nt_pathname(struct ksmbd_share_config *share,
 {
 	char *pathname, *ab_pathname, *nt_pathname;
 	int share_path_len = share->path_sz;
+	size_t ab_pathname_len;
+	int prefix;
 
 	pathname = kmalloc(PATH_MAX, KSMBD_DEFAULT_GFP);
 	if (!pathname)
@@ -180,15 +182,18 @@ char *convert_to_nt_pathname(struct ksmbd_share_config *share,
 		goto free_pathname;
 	}
 
-	nt_pathname = kzalloc(strlen(&ab_pathname[share_path_len]) + 2,
-			      KSMBD_DEFAULT_GFP);
+	ab_pathname_len = strlen(&ab_pathname[share_path_len]);
+	prefix = ab_pathname[share_path_len] == '\0' ? 1 : 0;
+	nt_pathname = kmalloc(prefix + ab_pathname_len + 1, KSMBD_DEFAULT_GFP);
 	if (!nt_pathname) {
 		nt_pathname = ERR_PTR(-ENOMEM);
 		goto free_pathname;
 	}
-	if (ab_pathname[share_path_len] == '\0')
-		strcpy(nt_pathname, "/");
-	strcat(nt_pathname, &ab_pathname[share_path_len]);
+
+	if (prefix)
+		*nt_pathname = '/';
+	memcpy(nt_pathname + prefix, &ab_pathname[share_path_len],
+	       ab_pathname_len + 1);
 
 	ksmbd_conv_path_to_windows(nt_pathname);
 
-- 
2.51.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ