| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a60d4c8f-409e-4149-9eae-64bb3ea2e6bf@stanley.mountain> Date: Tue, 27 Aug 2024 15:30:26 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Hongbo Li <lihongbo22@...wei.com> Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, dsahern@...nel.org, ralf@...ux-mips.org, jmaloy@...hat.com, ying.xue@...driver.com, netdev@...r.kernel.org, linux-hams@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy On Tue, Aug 27, 2024 at 07:35:22PM +0800, Hongbo Li wrote: > The deprecated helper strcpy() performs no bounds checking on the > destination buffer. This could result in linear overflows beyond > the end of the buffer, leading to all kinds of misbehaviors. > The safe replacement is strscpy() [1]. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] > > Signed-off-by: Hongbo Li <lihongbo22@...wei.com> > --- > net/core/dev.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 0d0b983a6c21..f5e0a0d801fd 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name, > if (!dev->ethtool) > goto free_all; > > - strcpy(dev->name, name); > + strscpy(dev->name, name, sizeof(dev->name)); You can just do: strscpy(dev->name, name); I prefer this format because it ensures that dev->name is an array and not a pointer. Also shorter. regards, dan carpenter
Powered by blists - more mailing lists