| Message ID | 20240402-strncpy-init-do_mounts-c-v1-1-e16d7bc20974@google.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 07f8230b4b39b8b7fb401a67f308c61a43542402 |
| Headers | show |
| Series | init: replace deprecated strncpy with strscpy_pad | expand |
On Tue, Apr 02, 2024 at 08:39:49PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > data_page wants to be NUL-terminated and NUL-padded, use strscpy_pad to > provide both of these. data_page no longer awkwardly relies on > init_mount to perform its NUL-termination, although that sanity check is > left unchanged. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> This looks good. Thanks! Reviewed-by: Kees Cook <keescook@chromium.org>
On Tue, 02 Apr 2024 20:39:49 +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > data_page wants to be NUL-terminated and NUL-padded, use strscpy_pad to > provide both of these. data_page no longer awkwardly relies on > init_mount to perform its NUL-termination, although that sanity check is > left unchanged. > > [...] Applied to for-next/hardening, thanks! [1/1] init: replace deprecated strncpy with strscpy_pad https://git.kernel.org/kees/c/fa6475acde9a Take care,
diff --git a/init/do_mounts.c b/init/do_mounts.c index 3c5fd993bc7e..6af29da8889e 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -159,8 +159,7 @@ static int __init do_mount_root(const char *name, const char *fs, if (!p) return -ENOMEM; data_page = page_address(p); - /* zero-pad. init_mount() will make sure it's terminated */ - strncpy(data_page, data, PAGE_SIZE); + strscpy_pad(data_page, data, PAGE_SIZE); } ret = init_mount(name, "/root", fs, flags, data_page);
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. data_page wants to be NUL-terminated and NUL-padded, use strscpy_pad to provide both of these. data_page no longer awkwardly relies on init_mount to perform its NUL-termination, although that sanity check is left unchanged. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Note: build-tested only. Found with: $ rg "strncpy\(" --- init/do_mounts.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- base-commit: 026e680b0a08a62b1d948e5a8ca78700bfac0e6e change-id: 20240402-strncpy-init-do_mounts-c-e1d378c88049 Best regards, -- Justin Stitt <justinstitt@google.com>