| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Dec 2023 22:57:06 +0000 From: "Russell King (Oracle)" <linux@...linux.org.uk> To: Justin Stitt <justinstitt@...gle.com> Cc: Andrew Lunn <andrew@...n.ch>, Heiner Kallweit <hkallweit1@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v2] net: mdio-gpio: replace deprecated strncpy with strscpy On Thu, Dec 07, 2023 at 09:54:31PM +0000, Justin Stitt wrote: > We expect new_bus->id to be NUL-terminated but not NUL-padded based on > its prior assignment through snprintf: > | snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id); > > We can also use sizeof() instead of a length macro as this more closely > ties the maximum buffer size to the destination buffer. Honestly, this looks machine generated and unreviewed by the submitter, because... > if (bus_id != -1) > snprintf(new_bus->id, MII_BUS_ID_SIZE, "gpio-%x", bus_id); > else > - strncpy(new_bus->id, "gpio", MII_BUS_ID_SIZE); > + strscpy(new_bus->id, "gpio", sizeof(new_bus->id)); If there is an argument for not using MII_BUS_ID_SIZE in one place, then the very same argument applies to snprintf(). If one place changes the other also needs to be changed. -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists