| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ike6svev.fsf@bootlin.com> Date: Tue, 16 Dec 2025 09:06:16 +0100 From: Miquel Raynal <miquel.raynal@...tlin.com> To: Dharanitharan R <dharanitharan725@...il.com> Cc: Richard Weinberger <richard@....at>, Vignesh Raghavendra <vigneshr@...com>, linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v1] mtd: sm_ftl: use strscpy() in sm_attr_show() Hello, On 06/12/2025 at 03:53:13 GMT, Dharanitharan R <dharanitharan725@...il.com> wrote: > In sm_ftl.c, the sm_attr_show() function currently copies > attribute data using: > > strncpy(buf, sm_attr->data, sm_attr->len); > return sm_attr->len; > > Using strncpy() can be unsafe because it does not guarantee > a NUL terminator if the source length equals the buffer size. > Although sm_attr->data comes from internal structures and > is NUL-terminated, it is cleaner and safer to use strscpy(), > which guarantees NUL termination and avoids zero-padding. > > The destination buffer is PAGE_SIZE bytes, which is sufficient > to hold sm_attr->data without truncation. The return value > of strscpy() matches the expected behavior of sm_attr_show(). > > Replace the strncpy() call with: > > return strscpy(buf, sm_attr->data, PAGE_SIZE); > > Signed-off-by: Dharanitharan R <dharanitharan725@...il.com> This commit won't apply, please resend based on v6.19-rc1. Thanks, Miquèl
Powered by blists - more mailing lists