lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251205180354.621925-1-katharasasikumar007@gmail.com>
Date: Fri,  5 Dec 2025 18:03:54 +0000
From: Kathara Sasikumar <katharasasikumar007@...il.com>
To: richard.henderson@...aro.org
Cc: mattst88@...il.com, linmag7@...il.com, david.hunter.linux@...il.com, linux-alpha@...r.kernel.org, linux-kernel@...r.kernel.org, shuah@...nel.org, skhan@...uxfoundation.org, katharasasikumar007@...il.com
Subject: [PATCH] alpha/boot: replace strcpy() with strscpy() when copying envval

strcpy() does not check the size of the destination buffer and is
deprecated in the kernel as documented in
Documentation/process/deprecated.rst. ZERO_PGE is PAGE_SIZE bytes, so
using strscpy() with PAGE_SIZE makes the copy safe and avoids any risk
of overflow.

No functional change intended.

Signed-off-by: Kathara Sasikumar <katharasasikumar007@...il.com>
---
 arch/alpha/boot/bootp.c | 2 +-
 arch/alpha/boot/main.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/alpha/boot/bootp.c b/arch/alpha/boot/bootp.c
index 842e85776cc0..e0b411ded992 100644
--- a/arch/alpha/boot/bootp.c
+++ b/arch/alpha/boot/bootp.c
@@ -204,7 +204,7 @@ start_kernel(void)
         load(START_ADDR, START_ADDR+(4*KERNEL_SIZE), KERNEL_SIZE);
 
 	memset((char*)ZERO_PGE, 0, PAGE_SIZE);
-	strcpy((char*)ZERO_PGE, envval);
+	strscpy((char *)ZERO_PGE, envval, PAGE_SIZE);
 #ifdef INITRD_IMAGE_SIZE
 	((long *)(ZERO_PGE+256))[0] = initrd_start;
 	((long *)(ZERO_PGE+256))[1] = INITRD_IMAGE_SIZE;
diff --git a/arch/alpha/boot/main.c b/arch/alpha/boot/main.c
index 22a1cb0264af..7ec728c037d8 100644
--- a/arch/alpha/boot/main.c
+++ b/arch/alpha/boot/main.c
@@ -180,7 +180,7 @@ void start_kernel(void)
 		nbytes = 0;
 	}
 	envval[nbytes] = '\0';
-	strcpy((char*)ZERO_PGE, envval);
+	strscpy((char *)ZERO_PGE, envval, PAGE_SIZE);
 
 	srm_printk(" Ok\nNow booting the kernel\n");
 	runkernel();
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ