lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d5525686-aefc-439e-8c27-d41a2ee2eb69@stanley.mountain>
Date: Wed, 28 Aug 2024 11:54:08 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Hongbo Li <lihongbo22@...wei.com>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
	pabeni@...hat.com, dsahern@...nel.org, ralf@...ux-mips.org,
	jmaloy@...hat.com, ying.xue@...driver.com, netdev@...r.kernel.org,
	linux-hams@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy

On Wed, Aug 28, 2024 at 03:43:30PM +0800, Hongbo Li wrote:
> 
> 
> On 2024/8/27 20:30, Dan Carpenter wrote:
> > On Tue, Aug 27, 2024 at 07:35:22PM +0800, Hongbo Li wrote:
> > > The deprecated helper strcpy() performs no bounds checking on the
> > > destination buffer. This could result in linear overflows beyond
> > > the end of the buffer, leading to all kinds of misbehaviors.
> > > The safe replacement is strscpy() [1].
> > > 
> > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> > > 
> > > Signed-off-by: Hongbo Li <lihongbo22@...wei.com>
> > > ---
> > >   net/core/dev.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/net/core/dev.c b/net/core/dev.c
> > > index 0d0b983a6c21..f5e0a0d801fd 100644
> > > --- a/net/core/dev.c
> > > +++ b/net/core/dev.c
> > > @@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
> > >   	if (!dev->ethtool)
> > >   		goto free_all;
> > > -	strcpy(dev->name, name);
> > > +	strscpy(dev->name, name, sizeof(dev->name));
> > 
> > You can just do:
> > 
> > 	strscpy(dev->name, name);
> > 
> > I prefer this format because it ensures that dev->name is an array and not a
> > pointer.  Also shorter.
> ok, I'll remove the len.(Most of these are an array, not a pointer)

s/Most/all/.

If it were a pointer that would have been a bug and someone would have
complained already.  :P

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ