lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251126111358.64846-1-thorsten.blum@linux.dev>
Date: Wed, 26 Nov 2025 12:13:58 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: "David S. Miller" <davem@...emloft.net>,
	David Ahern <dsahern@...nel.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH net-next] net: ipconfig: Replace strncpy with strscpy_pad in ic_proto_name

strncpy() is deprecated [1] for NUL-terminated destination buffers since
it does not guarantee NUL termination. Replace it with strscpy_pad() to
ensure NUL termination of the destination buffer while retaining the
NUL-padding behavior of strncpy().

Even though the identifier buffer has 252 usable bytes, strncpy()
intentionally copied only 251 bytes into the zero-initialized buffer,
implicitly relying on the last byte to act as the terminator. Switching
to strscpy_pad() removes the need for this trick and avoids using magic
numbers.

The source string is also NUL-terminated and satisfies the
__must_be_cstr() requirement of strscpy_pad().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
 net/ipv4/ipconfig.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 22a7889876c1..27cc6f8070b7 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -1690,7 +1690,8 @@ static int __init ic_proto_name(char *name)
 			*v = 0;
 			if (kstrtou8(client_id, 0, dhcp_client_identifier))
 				pr_debug("DHCP: Invalid client identifier type\n");
-			strncpy(dhcp_client_identifier + 1, v + 1, 251);
+			strscpy_pad(dhcp_client_identifier + 1, v + 1,
+				    sizeof(dhcp_client_identifier) - 1);
 			*v = ',';
 		}
 		return 1;
-- 
Thorsten Blum <thorsten.blum@...ux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ