lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1c0e94ff-617b-4672-addb-8933f92edc29@lunn.ch> Date: Sat, 14 Oct 2023 18:31:16 +0200 From: Andrew Lunn <andrew@...n.ch> To: Justin Stitt <justinstitt@...gle.com> Cc: Jiawen Wu <jiawenwu@...stnetic.com>, Mengyuan Lou <mengyuanlou@...-swift.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] net: txgbe: replace deprecated strncpy with strscpy On Thu, Oct 12, 2023 at 09:20:04PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on usage part_str usage within txgbe_read_pba_string(), we expect > part_str to be NUL-terminated but not necessarily NUL-padded: > | /* put a null character on the end of our string */ > | pba_num[10] = '\0'; > > Interestingly, part_str is not used after txgbe_read_pba_string(): > | ... > | err = txgbe_read_pba_string(wx, part_str, TXGBE_PBANUM_LENGTH); > | if (err) > | strscpy(part_str, "Unknown", sizeof(part_str)); > | > | netif_info(wx, probe, netdev, "%pM\n", netdev->dev_addr); > | > | return 0; > | > |err_remove_phy: > | txgbe_remove_phy(txgbe); > |err_release_hw: > | wx_clear_interrupt_scheme(wx); > | wx_control_hw(wx, false); > |err_free_mac_table: > | kfree(wx->mac_table); > |err_pci_release_regions: > | pci_release_selected_regions(pdev, > | pci_select_bars(pdev, IORESOURCE_MEM)); > |err_pci_disable_dev: > | pci_disable_device(pdev); > | return err; > |} > ... this means this strncpy (or now strscpy) is probably useless. For > now, let's make the swap to strscpy() as I am not sure if this is truly > dead code or not. Hi Julian I agree, this looks like dead code. Jiawen, please could you submit a patch cleaning this up. Either swap to strscpy() and make use of the string, or delete it all. Andrew --- pw-bot: cr
Powered by blists - more mailing lists