lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2026020706-unfixable-finch-0e17@gregkh>
Date: Sat, 7 Feb 2026 14:27:52 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Artem Lytkin <iprintercanon@...il.com>
Cc: Sudip Mukherjee <sudipm.mukherjee@...il.com>,
	Teddy Wang <teddy.wang@...iconmotion.com>,
	linux-fbdev@...r.kernel.org, linux-staging@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/5] staging: sm750fb: replace strcat() with memcpy()
 in lynxfb_setup()

On Wed, Feb 04, 2026 at 12:05:58PM +0000, Artem Lytkin wrote:
> As part of kernel hardening, I am auditing calls to strcat().  This
> code works but it is a bit ugly.
> 
> This function takes a string "options" and allocates "g_settings"
> which is large enough to hold a copy of "options".  It copies all the
> options from "options" to "g_settings" except "noaccel", "nomtrr" and
> "dual".  The new buffer is large enough to fit all the options so
> there is no buffer overflow in using strcat() here.
> 
> However, using strcat() is misleading because "tmp" always points
> to the next unused character in the "g_settings" buffer and it's
> always the NUL character.  Use memcpy() instead to make the code
> easier to read.  This also removes an instance of strcat() which
> is a #NiceBonus.
> 
> Signed-off-by: Artem Lytkin <iprintercanon@...il.com>
> ---
>  drivers/staging/sm750fb/sm750.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
> index fecd7457e..4c6e84c03 100644
> --- a/drivers/staging/sm750fb/sm750.c
> +++ b/drivers/staging/sm750fb/sm750.c
> @@ -1163,7 +1163,7 @@ static int __init lynxfb_setup(char *options)
>  		} else if (!strncmp(opt, "dual", strlen("dual"))) {
>  			g_dualview = 1;
>  		} else {
> -			strcat(tmp, opt);
> +			memcpy(tmp, opt, strlen(opt));

You are open-coding a call to strcat() here :(

Please don't replace one "warning" with another, this will just cause
code churn over time.  If the original code is fine, just leave it
as-is, your change here did not actually do anything at all.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ