| Message ID | 20231019-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v2-1-179b211a374b@google.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 70582e26f5d9a94b373f925186c03455849fd3db |
| Headers | show |
| Series | [v2] wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad | expand |
On Thu, Oct 19, 2023 at 05:44:59PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Moreover, since this seems to cross the file boundary let's NUL-pad to > ensure no behavior change. > > strscpy_pad() covers both the NUL-termination and NUL-padding, let's use > it. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Thanks for the respin! Reviewed-by: Kees Cook <keescook@chromium.org>
On Thu, Oct 19, 2023 at 05:44:59PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Moreover, since this seems to cross the file boundary let's NUL-pad to > ensure no behavior change. > > strscpy_pad() covers both the NUL-termination and NUL-padding, let's use > it. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Thread ping. Can the wireless folks please pick this up? Thanks! -Kees > --- > Changes in v2: > - prefer strscpy_pad (thanks Kees) > - Link to v1: https://lore.kernel.org/r/20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v1-1-bf69ec7d1b97@google.com > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > index 3ab6a68f1e9f..7aa282592cdc 100644 > --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > @@ -880,10 +880,10 @@ iwl_fw_error_dump_file(struct iwl_fw_runtime *fwrt, > cpu_to_le32(fwrt->trans->hw_rev_step); > memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable, > sizeof(dump_info->fw_human_readable)); > - strncpy(dump_info->dev_human_readable, fwrt->trans->name, > - sizeof(dump_info->dev_human_readable) - 1); > - strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name, > - sizeof(dump_info->bus_human_readable) - 1); > + strscpy_pad(dump_info->dev_human_readable, fwrt->trans->name, > + sizeof(dump_info->dev_human_readable)); > + strscpy_pad(dump_info->bus_human_readable, fwrt->dev->bus->name, > + sizeof(dump_info->bus_human_readable)); > dump_info->num_of_lmacs = fwrt->smem_cfg.num_lmacs; > dump_info->lmac_err_id[0] = > cpu_to_le32(fwrt->dump.lmac_err_id[0]); > > --- > base-commit: 58720809f52779dc0f08e53e54b014209d13eebb > change-id: 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-1f49f00b8a2e > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
Kees Cook <keescook@chromium.org> writes: > On Thu, Oct 19, 2023 at 05:44:59PM +0000, Justin Stitt wrote: >> strncpy() is deprecated for use on NUL-terminated destination strings >> [1] and as such we should prefer more robust and less ambiguous string >> interfaces. >> >> Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that >> both dump_info->dev_human_readable and dump_info->bus_human_readable are >> intended to be NUL-terminated. >> >> Moreover, since this seems to cross the file boundary let's NUL-pad to >> ensure no behavior change. >> >> strscpy_pad() covers both the NUL-termination and NUL-padding, let's use >> it. >> >> Link: >> https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings >> [1] >> Link: https://github.com/KSPP/linux/issues/90 >> Cc: linux-hardening@vger.kernel.org >> Signed-off-by: Justin Stitt <justinstitt@google.com> > > Thread ping. Can the wireless folks please pick this up? Yeah, I'll take this directly to wireless-next.
Justin Stitt <justinstitt@google.com> wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Moreover, since this seems to cross the file boundary let's NUL-pad to > ensure no behavior change. > > strscpy_pad() covers both the NUL-termination and NUL-padding, let's use > it. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > Reviewed-by: Kees Cook <keescook@chromium.org> Patch applied to wireless-next.git, thanks. 70582e26f5d9 wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c index 3ab6a68f1e9f..7aa282592cdc 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c @@ -880,10 +880,10 @@ iwl_fw_error_dump_file(struct iwl_fw_runtime *fwrt, cpu_to_le32(fwrt->trans->hw_rev_step); memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable, sizeof(dump_info->fw_human_readable)); - strncpy(dump_info->dev_human_readable, fwrt->trans->name, - sizeof(dump_info->dev_human_readable) - 1); - strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name, - sizeof(dump_info->bus_human_readable) - 1); + strscpy_pad(dump_info->dev_human_readable, fwrt->trans->name, + sizeof(dump_info->dev_human_readable)); + strscpy_pad(dump_info->bus_human_readable, fwrt->dev->bus->name, + sizeof(dump_info->bus_human_readable)); dump_info->num_of_lmacs = fwrt->smem_cfg.num_lmacs; dump_info->lmac_err_id[0] = cpu_to_le32(fwrt->dump.lmac_err_id[0]);
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that both dump_info->dev_human_readable and dump_info->bus_human_readable are intended to be NUL-terminated. Moreover, since this seems to cross the file boundary let's NUL-pad to ensure no behavior change. strscpy_pad() covers both the NUL-termination and NUL-padding, let's use it. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Changes in v2: - prefer strscpy_pad (thanks Kees) - Link to v1: https://lore.kernel.org/r/20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v1-1-bf69ec7d1b97@google.com --- Note: build-tested only. Found with: $ rg "strncpy\(" --- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- base-commit: 58720809f52779dc0f08e53e54b014209d13eebb change-id: 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-1f49f00b8a2e Best regards, -- Justin Stitt <justinstitt@google.com>