From patchwork Wed Mar 20 23:22:02 2024
X-Patchwork-Submitter: Justin Stitt
X-Patchwork-Id: 13598274
Date: Wed, 20 Mar 2024 23:22:02 +0000
X-Mailing-List: linux-hardening@vger.kernel.org
Message-ID: <20240320-strncpy-drivers-video-hdmi-c-v1-1-f9a08168cdaf@google.com>
Subject: [PATCH] video/hdmi: prefer length specifier in format over string copying
From: Justin Stitt
To: Helge Deller
Cc: linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Justin Stitt

strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces.

It looks like the main use of strncpy() here is to limit the amount of bytes printed from hdmi_log() by using a tmp buffer and limiting the number of bytes copied. Really, we should use the %.s format qualifier to achieve this.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt Reviewed-by: Kees Cook --- Note: build-tested only. Found with: $ rg "strncpy\(" --- drivers/video/hdmi.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) --- base-commit: a4145ce1e7bc247fd6f2846e8699473448717b37 change-id: 20240320-strncpy-drivers-video-hdmi-c-bc18d585971f Best regards, -- Justin Stitt diff --git a/drivers/video/hdmi.c b/drivers/video/hdmi.c index 03c7f27dde49..ba301f3f4951 100644 --- a/drivers/video/hdmi.c +++ b/drivers/video/hdmi.c @@ -1310,17 +1310,11 @@ static void hdmi_spd_infoframe_log(const char *level, struct device *dev, const struct hdmi_spd_infoframe *frame) { - u8 buf[17]; - hdmi_infoframe_log_header(level, dev, (const struct hdmi_any_infoframe *)frame); - memset(buf, 0, sizeof(buf)); - - strncpy(buf, frame->vendor, 8); - hdmi_log(" vendor: %s\n", buf); - strncpy(buf, frame->product, 16); - hdmi_log(" product: %s\n", buf); + hdmi_log(" vendor: %.8s\n", frame->vendor); + hdmi_log(" product: %.16s\n", frame->product); hdmi_log(" source device information: %s (0x%x)\n", hdmi_spd_sdi_get_name(frame->sdi), frame->sdi); }
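Review bot: In the two added hdmi_log() lines the precisions in `%.8s` and `%.16s` are bare literals, taken over from the length arguments of the removed strncpy() calls, and nothing in this hunk ties them to the sizes of frame->vendor and frame->product. If those are fixed-size arrays in struct hdmi_spd_infoframe, `%.*s` with `(int)sizeof(frame->vendor)` and `(int)sizeof(frame->product)` would keep the read bound in step with the struct; otherwise a short comment naming the field widths would do. Since the note above the diffstat says build-tested only, it is worth confirming at runtime that a vendor or product field filled to its full width with no NUL byte still prints exactly 8 or 16 characters, now that the zeroed 17-byte buf no longer supplies the terminator.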