lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20260120145024.261806-1-foster.ryan.r@gmail.com>
Date: Tue, 20 Jan 2026 06:50:24 -0800
From: Ryan Foster <foster.ryan.r@...il.com>
To: john.johansen@...onical.com
Cc: paul@...l-moore.com,
	jmorris@...ei.org,
	serge@...lyn.com,
	apparmor@...ts.ubuntu.com,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Ryan Foster <foster.ryan.r@...il.com>
Subject: [PATCH] apparmor: replace strcpy with strscpy

Found by checkpatch. Replace strcpy() with strscpy() for safer
string handling per KSPP recommendations.

Two changes:
- apparmorfs.c: gen_symlink_name() uses tracked buffer size
- lib.c: aa_policy_init() uses exact allocation size

Link: https://github.com/KSPP/linux/issues/88
Signed-off-by: Ryan Foster <foster.ryan.r@...il.com>
---
 security/apparmor/apparmorfs.c | 2 +-
 security/apparmor/lib.c        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 907bd2667e28..f38974231df2 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1614,7 +1614,7 @@ static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
 		return ERR_PTR(-ENOMEM);
 
 	for (; depth > 0; depth--) {
-		strcpy(s, "../../");
+		strscpy(s, "../../", size);
 		s += 6;
 		size -= 6;
 	}
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 82dbb97ad406..7cb393f91a10 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -487,7 +487,7 @@ bool aa_policy_init(struct aa_policy *policy, const char *prefix,
 	} else {
 		hname = aa_str_alloc(strlen(name) + 1, gfp);
 		if (hname)
-			strcpy(hname, name);
+			strscpy(hname, name, strlen(name) + 1);
 	}
 	if (!hname)
 		return false;
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ