diff mbox series

tty: n_gsm: replace deprecated strncpy with strscpy

Message ID 20240318-strncpy-drivers-tty-n_gsm-c-v1-1-da37a07c642e@google.com (mailing list archive)
State Mainlined
Commit da4e0ba419bb953fb8ae0aa4f85aef3febfbdf3e
Headers show
Series tty: n_gsm: replace deprecated strncpy with strscpy | expand

Commit Message

Justin Stitt March 18, 2024, 11:02 p.m. UTC
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.

We expect nc->if_name to be NUL-terminated based on existing manual
NUL-byte assignments and checks:
|	nc.if_name[IFNAMSIZ-1] = '\0';
...
| 	if (nc->if_name[0] != '\0')

Let's use the new 2-argument strscpy() since it guarantees
NUL-termination on the destination buffer while correctly using the
destination buffers size to bound the operation.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.

Found with: $ rg "strncpy\("
---
 drivers/tty/n_gsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


---
base-commit: bf3a69c6861ff4dc7892d895c87074af7bc1c400
change-id: 20240318-strncpy-drivers-tty-n_gsm-c-ab1336e0e196

Best regards,
--
Justin Stitt <justinstitt@google.com>

Comments

Maarten Brock March 19, 2024, 9:10 a.m. UTC | #1
Hi Justin,

> ---
> Note: build-tested only.

Really? Without warnings?

> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -4010,7 +4010,7 @@ static int gsm_create_network(struct gsm_dlci *dlci,
> struct gsm_netconfig *nc)
>  	mux_net = netdev_priv(net);
>  	mux_net->dlci = dlci;
>  	kref_init(&mux_net->ref);
> -	strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
> +	strscpy(nc->if_name, net->name); /* return net name */

Where did IFNAMSIZ go?

Kind regards,
Maarten Brock
Justin Stitt March 19, 2024, 9 p.m. UTC | #2
Hi,

On Tue, Mar 19, 2024 at 2:11 AM Maarten Brock <Maarten.Brock@sttls.nl> wrote:
>
> Hi Justin,
>
> > ---
> > Note: build-tested only.
>
> Really? Without warnings?
>
> > --- a/drivers/tty/n_gsm.c
> > +++ b/drivers/tty/n_gsm.c
> > @@ -4010,7 +4010,7 @@ static int gsm_create_network(struct gsm_dlci *dlci,
> > struct gsm_netconfig *nc)
> >       mux_net = netdev_priv(net);
> >       mux_net->dlci = dlci;
> >       kref_init(&mux_net->ref);
> > -     strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
> > +     strscpy(nc->if_name, net->name); /* return net name */
>
> Where did IFNAMSIZ go?

There's a new 2-argument strscpy introduced in Commit e6584c3964f2f
("string: Allow 2-argument strscpy()"). Since the compiler can find
nc->if_name's size (which is == IFNAMSIZ) it should be A-OK to swap to
this new form.

>
> Kind regards,
> Maarten Brock
>

Thanks
Justin
Kees Cook March 19, 2024, 9:44 p.m. UTC | #3
On Mon, Mar 18, 2024 at 11:02:12PM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
> 
> We expect nc->if_name to be NUL-terminated based on existing manual
> NUL-byte assignments and checks:
> |	nc.if_name[IFNAMSIZ-1] = '\0';
> ...
> | 	if (nc->if_name[0] != '\0')
> 
> Let's use the new 2-argument strscpy() since it guarantees
> NUL-termination on the destination buffer while correctly using the
> destination buffers size to bound the operation.

We may need for -rc1 (or -rc2), depending on when subsystem tree re-open
for landing patches to use the 2-arg versio, but, regardless, it looks
right:

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> Note: build-tested only.
> 
> Found with: $ rg "strncpy\("
> ---
>  drivers/tty/n_gsm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> index 4036566febcb..f5b0d91d32a7 100644
> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -4010,7 +4010,7 @@ static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
>  	mux_net = netdev_priv(net);
>  	mux_net->dlci = dlci;
>  	kref_init(&mux_net->ref);
> -	strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
> +	strscpy(nc->if_name, net->name); /* return net name */
>  
>  	/* reconfigure dlci for network */
>  	dlci->prev_adaption = dlci->adaption;
> 
> ---
> base-commit: bf3a69c6861ff4dc7892d895c87074af7bc1c400
> change-id: 20240318-strncpy-drivers-tty-n_gsm-c-ab1336e0e196
> 
> Best regards,
> --
> Justin Stitt <justinstitt@google.com>
> 
>
diff mbox series

Patch

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 4036566febcb..f5b0d91d32a7 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -4010,7 +4010,7 @@  static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
 	mux_net = netdev_priv(net);
 	mux_net->dlci = dlci;
 	kref_init(&mux_net->ref);
-	strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
+	strscpy(nc->if_name, net->name); /* return net name */
 
 	/* reconfigure dlci for network */
 	dlci->prev_adaption = dlci->adaption;