diff mbox series

w1: sgi_w1: Replace all non-returning strlcpy with strscpy

Message ID 20230523022023.2406955-1-azeemshaikh38@gmail.com (mailing list archive)
State Mainlined
Commit 5dfd3c73ff81618fee0ef682b6fd7779863f41e4
Headers show
Series w1: sgi_w1: Replace all non-returning strlcpy with strscpy | expand

Commit Message

Azeem Shaikh May 23, 2023, 2:20 a.m. UTC 
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
---
 drivers/w1/masters/sgi_w1.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kees Cook May 23, 2023, 5:22 p.m. UTC | #1 
On Tue, May 23, 2023 at 02:20:23AM +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
> 
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Reviewed-by: Kees Cook <keescook@chromium.org>
Kees Cook May 30, 2023, 11:06 p.m. UTC | #2 
On Tue, 23 May 2023 02:20:23 +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [...]

Applied to for-next/hardening, thanks!

[1/1] w1: sgi_w1: Replace all non-returning strlcpy with strscpy
      https://git.kernel.org/kees/c/4e4424b20cc4
Krzysztof Kozlowski June 1, 2023, 5:03 p.m. UTC | #3 
On 31/05/2023 01:06, Kees Cook wrote:
> On Tue, 23 May 2023 02:20:23 +0000, Azeem Shaikh wrote:
>> strlcpy() reads the entire source buffer first.
>> This read may exceed the destination size limit.
>> This is both inefficient and can lead to linear read
>> overflows if a source string is not NUL-terminated [1].
>> In an effort to remove strlcpy() completely [2], replace
>> strlcpy() here with strscpy().
>> No return values were used, so direct replacement is safe.
>>
>> [...]
> 
> Applied to for-next/hardening, thanks!
> 
> [1/1] w1: sgi_w1: Replace all non-returning strlcpy with strscpy
>       https://git.kernel.org/kees/c/4e4424b20cc4

Please drop. This was already fixed and is in linux-next since almost a
month:

https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-w1.git/commit/?h=for-next&id=5dfd3c73ff81618fee0ef682b6fd7779863f41e4

> 

Best regards,
Krzysztof
Krzysztof Kozlowski June 1, 2023, 5:03 p.m. UTC | #4 
On 23/05/2023 04:20, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89

This was already fixed. Please work on linux-next.

https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-w1.git/commit/?h=for-next&id=5dfd3c73ff81618fee0ef682b6fd7779863f41e4

Best regards,
Krzysztof
Kees Cook June 1, 2023, 6:25 p.m. UTC | #5 
On Thu, Jun 01, 2023 at 07:03:41PM +0200, Krzysztof Kozlowski wrote:
> On 31/05/2023 01:06, Kees Cook wrote:
> > On Tue, 23 May 2023 02:20:23 +0000, Azeem Shaikh wrote:
> >> strlcpy() reads the entire source buffer first.
> >> This read may exceed the destination size limit.
> >> This is both inefficient and can lead to linear read
> >> overflows if a source string is not NUL-terminated [1].
> >> In an effort to remove strlcpy() completely [2], replace
> >> strlcpy() here with strscpy().
> >> No return values were used, so direct replacement is safe.
> >>
> >> [...]
> > 
> > Applied to for-next/hardening, thanks!
> > 
> > [1/1] w1: sgi_w1: Replace all non-returning strlcpy with strscpy
> >       https://git.kernel.org/kees/c/4e4424b20cc4
> 
> Please drop. This was already fixed and is in linux-next since almost a
> month:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-w1.git/commit/?h=for-next&id=5dfd3c73ff81618fee0ef682b6fd7779863f41e4

Thanks! Dropped.
diff mbox series

Patch

diff --git a/drivers/w1/masters/sgi_w1.c b/drivers/w1/masters/sgi_w1.c
index e8c7fa68d3cc..d7fbc3c146e1 100644
--- a/drivers/w1/masters/sgi_w1.c
+++ b/drivers/w1/masters/sgi_w1.c
@@ -93,7 +93,7 @@  static int sgi_w1_probe(struct platform_device *pdev)
 
 	pdata = dev_get_platdata(&pdev->dev);
 	if (pdata) {
-		strlcpy(sdev->dev_id, pdata->dev_id, sizeof(sdev->dev_id));
+		strscpy(sdev->dev_id, pdata->dev_id, sizeof(sdev->dev_id));
 		sdev->bus_master.dev_id = sdev->dev_id;
 	}