| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <921bdec9-e5bb-4d16-955d-beefc9958d58@canonical.com>
Date: Wed, 4 Feb 2026 23:52:24 -0800
From: John Johansen <john.johansen@...onical.com>
To: Ryan Foster <foster.ryan.r@...il.com>
Cc: paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] apparmor: replace strcpy with strscpy
On 1/20/26 06:50, Ryan Foster wrote:
> Found by checkpatch. Replace strcpy() with strscpy() for safer
> string handling per KSPP recommendations.
>
> Two changes:
> - apparmorfs.c: gen_symlink_name() uses tracked buffer size
> - lib.c: aa_policy_init() uses exact allocation size
>
> Link: https://github.com/KSPP/linux/issues/88
> Signed-off-by: Ryan Foster <foster.ryan.r@...il.com>
this collides with two different patches I previously pulled in
1c90ed1f14c98 apparmor: Replace deprecated strcpy with memcpy in gen_symlink_name
b31d3f7385fbb apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_init
if you want to refresh this, I will look at pulling it in
> ---
> security/apparmor/apparmorfs.c | 2 +-
> security/apparmor/lib.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 907bd2667e28..f38974231df2 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -1614,7 +1614,7 @@ static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
> return ERR_PTR(-ENOMEM);
>
> for (; depth > 0; depth--) {
> - strcpy(s, "../../");
> + strscpy(s, "../../", size);
> s += 6;
> size -= 6;
> }
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index 82dbb97ad406..7cb393f91a10 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -487,7 +487,7 @@ bool aa_policy_init(struct aa_policy *policy, const char *prefix,
> } else {
> hname = aa_str_alloc(strlen(name) + 1, gfp);
> if (hname)
> - strcpy(hname, name);
> + strscpy(hname, name, strlen(name) + 1);
> }
> if (!hname)
> return false;
Powered by blists - more mailing lists