lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190527143341.1dbc04c8@hermes.lan> Date: Mon, 27 May 2019 14:33:41 -0700 From: Stephen Hemminger <stephen@...workplumber.org> To: "Gustavo A. R. Silva" <gustavo@...eddedor.com> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH net-next] macvlan: Replace strncpy() by strscpy() On Mon, 27 May 2019 16:28:05 -0500 "Gustavo A. R. Silva" <gustavo@...eddedor.com> wrote: > On 5/27/19 4:20 PM, Stephen Hemminger wrote: > > On Mon, 27 May 2019 13:38:55 -0500 > > "Gustavo A. R. Silva" <gustavo@...eddedor.com> wrote: > > > >> The strncpy() function is being deprecated. Replace it by the safer > >> strscpy() and fix the following Coverity warning: > >> > >> "Calling strncpy with a maximum size argument of 16 bytes on destination > >> array ifrr.ifr_ifrn.ifrn_name of size 16 bytes might leave the destination > >> string unterminated." > >> > >> Notice that, unlike strncpy(), strscpy() always null-terminates the > >> destination string. > >> > >> Addresses-Coverity-ID: 1445537 ("Buffer not null terminated") > >> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com> > >> --- > >> drivers/net/macvlan.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c > >> index 61550122b563..0ccabde8e9c9 100644 > >> --- a/drivers/net/macvlan.c > >> +++ b/drivers/net/macvlan.c > >> @@ -831,7 +831,7 @@ static int macvlan_do_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) > >> struct ifreq ifrr; > >> int err = -EOPNOTSUPP; > >> > >> - strncpy(ifrr.ifr_name, real_dev->name, IFNAMSIZ); > >> + strscpy(ifrr.ifr_name, real_dev->name, IFNAMSIZ); > >> ifrr.ifr_ifru = ifr->ifr_ifru; > >> > >> switch (cmd) { > > > > Why not use strlcpy like all the other places IFNAMSIZ is copied? > > > > strlcpy() is also being deprecated. Are you going to fix all these: $ git grep strlcpy | grep IFNAMSIZ| wc -l 47
Powered by blists - more mailing lists