Message ID | 20230530163546.986188-1-azeemshaikh38@gmail.com (mailing list archive) |
---|---|
State | Mainlined |
Commit | 76edc27eda068fb8222c452d522d4c93bcebe557 |
Series | clocksource: Replace all non-returning strlcpy with strscpy |
On Tue, May 30, 2023 at 9:35 AM Azeem Shaikh <azeemshaikh38@gmail.com> wrote: > > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> > --- > kernel/time/clocksource.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c > index 91836b727cef..88cbc1181b23 100644 > --- a/kernel/time/clocksource.c > +++ b/kernel/time/clocksource.c > @@ -1480,7 +1480,7 @@ static int __init boot_override_clocksource(char* str) > { > mutex_lock(&clocksource_mutex); > if (str) > - strlcpy(override_name, str, sizeof(override_name)); > + strscpy(override_name, str, sizeof(override_name)); > mutex_unlock(&clocksource_mutex); > return 1; > } Sounds reasonable to me. Acked-by: John Stultz <jstultz@google.com> Thanks for submitting this! -john
On Tue, 30 May 2023 16:35:46 +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [...]

Applied to for-next/hardening, thanks!

[1/1] clocksource: Replace all non-returning strlcpy with strscpy
      https://git.kernel.org/kees/c/40932d192ec8
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c index 91836b727cef..88cbc1181b23 100644 --- a/kernel/time/clocksource.c +++ b/kernel/time/clocksource.c @@ -1480,7 +1480,7 @@ static int __init boot_override_clocksource(char* str) { mutex_lock(&clocksource_mutex); if (str) - strlcpy(override_name, str, sizeof(override_name)); + strscpy(override_name, str, sizeof(override_name)); mutex_unlock(&clocksource_mutex); return 1; }
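Review bot: the strscpy() call in boot_override_clocksource() discards its return value, so a str that does not fit in override_name is truncated without any indication. strscpy() returns -E2BIG on truncation, where strlcpy() returned the source length, so the new call makes the condition easy to detect: consider checking for a negative return and logging a warning so that an overlong override name is visible at boot. The truncation was just as silent with strlcpy(), so this is a follow-up suggestion and not a regression from this change.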
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

---
 kernel/time/clocksource.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
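The read-length difference the commit message describes, as an added example that is not part of the patch or the kernel's own code. model_strlcpy() and model_strscpy() are hypothetical, simplified userspace models of the two functions' semantics, and the 32-character source and 8-byte destination are constructed sample values.

```c
#include <errno.h>   /* E2BIG */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: a 32-character name and an 8-byte destination. */
static const char long_name[] = "0123456789abcdef0123456789abcdef";
static char dst[8];
static size_t src_bytes_read;   /* source bytes examined by the last call */

/* Model of strlcpy() semantics: strlen() walks src to its NUL before any
 * copying, so the read is bounded by the source, not by `size`. */
static size_t model_strlcpy(char *d, const char *src, size_t size)
{
    size_t len = strlen(src);
    src_bytes_read = len + 1;
    if (size) {
        size_t n = len >= size ? size - 1 : len;
        memcpy(d, src, n);
        d[n] = '\0';
    }
    return len;                 /* length of src, even when truncated */
}

/* Model of strscpy() semantics: examines at most `size` source bytes,
 * always NUL-terminates, returns copied length or -E2BIG on truncation. */
static long model_strscpy(char *d, const char *src, size_t size)
{
    size_t i;
    src_bytes_read = 0;
    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size; i++) {
        src_bytes_read++;
        d[i] = src[i];
        if (src[i] == '\0')
            return (long)i;
    }
    d[size - 1] = '\0';         /* truncated: force termination */
    return -E2BIG;
}

int main(void)
{
    size_t l = model_strlcpy(dst, long_name, sizeof(dst));
    printf("strlcpy: ret=%zu read=%zu dst=%s\n", l, src_bytes_read, dst);
    long s = model_strscpy(dst, long_name, sizeof(dst));
    printf("strscpy: ret=%ld read=%zu dst=%s\n", s, src_bytes_read, dst);
    return 0;
}
```

Both models leave the same truncated string in the destination; what differs is how far into the source each one reads and what it returns. If the source had no NUL terminator, the strlen() in the strlcpy() model would keep reading past the end of the buffer.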