| Message ID | 20240328-strncpy-fs-squashfs-namei-c-v1-1-5c7bcbbeb675@google.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Squashfs: replace deprecated strncpy with strscpy | expand |
On Thu, Mar 28, 2024 at 09:52:59PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > The previous code took special care of NUL-terminating the destination > buffer via a manual assignment. As such, there is no bug in the current > implementation. However, in an effort to rid the kernel of strscpy() typo: rid kernel of strncpy. :) > [2], Let's instead use strscpy() which guarantees this behavior [3]. To > ensure we can copy the same number of bytes as before, add 1 to the > length argument provided to strscpy(). > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 [2] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3] > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > fs/squashfs/namei.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c > index 11e4539b9eae..6c4704ba8f42 100644 > --- a/fs/squashfs/namei.c > +++ b/fs/squashfs/namei.c > @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, > } > > str = &index->name[SQUASHFS_NAME_LEN + 1]; > - strncpy(str, name, len); > - str[len] = '\0'; > + strscpy(str, name, len + 1); Otherwise, yeah, looks right. Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > > for (i = 0; i < i_count; i++) { > err = squashfs_read_metadata(sb, index, &index_start, > > --- > base-commit: 928a87efa42302a23bb9554be081a28058495f22 > change-id: 20240328-strncpy-fs-squashfs-namei-c-9d01b8975e53 > > Best regards, > -- > Justin Stitt <justinstitt@google.com> > >
On 28/03/2024 21:52, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > The previous code took special care of NUL-terminating the destination > buffer via a manual assignment. As such, there is no bug in the current > implementation. However, in an effort to rid the kernel of strscpy() > [2], Let's instead use strscpy() which guarantees this behavior [3]. To > ensure we can copy the same number of bytes as before, add 1 to the > length argument provided to strscpy(). > Squashfs copies the passed string into a temporary buffer to ensure it is NUL-terminated. This however is completely unnecessary as the string is already NUL-terminated. A better way to remove the strncpy() is to remove the unnecessary string copy, which I have done in this patch here: https://lore.kernel.org/lkml/20240403183352.391308-1-phillip@squashfs.org.uk/T/#u Phillip > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 [2] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3] > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > fs/squashfs/namei.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c > index 11e4539b9eae..6c4704ba8f42 100644 > --- a/fs/squashfs/namei.c > +++ b/fs/squashfs/namei.c > @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, > } > > str = &index->name[SQUASHFS_NAME_LEN + 1]; > - strncpy(str, name, len); > - str[len] = '\0'; > + strscpy(str, name, len + 1); > > for (i = 0; i < i_count; i++) { > err = squashfs_read_metadata(sb, index, &index_start, > > --- > base-commit: 928a87efa42302a23bb9554be081a28058495f22 > change-id: 20240328-strncpy-fs-squashfs-namei-c-9d01b8975e53 > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
On Wed, Apr 3, 2024 at 12:32 PM Phillip Lougher <phillip@squashfs.org.uk> wrote: > A better way to remove the strncpy() is to remove the unnecessary string > copy, which I have done in this patch here: Great! Cleaning up this code while removing strncpy() is a two for one.
On 04/04/2024 01:30, Justin Stitt wrote: > On Wed, Apr 3, 2024 at 12:32 PM Phillip Lougher <phillip@squashfs.org.uk> wrote: >> A better way to remove the strncpy() is to remove the unnecessary string >> copy, which I have done in this patch here: > > Great! Cleaning up this code while removing strncpy() is a two for one. Yes - thanks for your reply. Phillip
diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c index 11e4539b9eae..6c4704ba8f42 100644 --- a/fs/squashfs/namei.c +++ b/fs/squashfs/namei.c @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, } str = &index->name[SQUASHFS_NAME_LEN + 1]; - strncpy(str, name, len); - str[len] = '\0'; + strscpy(str, name, len + 1); for (i = 0; i < i_count; i++) { err = squashfs_read_metadata(sb, index, &index_start,
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. The previous code took special care of NUL-terminating the destination buffer via a manual assignment. As such, there is no bug in the current implementation. However, in an effort to rid the kernel of strscpy() [2], Let's instead use strscpy() which guarantees this behavior [3]. To ensure we can copy the same number of bytes as before, add 1 to the length argument provided to strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 [2] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3] Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Note: build-tested only. Found with: $ rg "strncpy\(" --- fs/squashfs/namei.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- base-commit: 928a87efa42302a23bb9554be081a28058495f22 change-id: 20240328-strncpy-fs-squashfs-namei-c-9d01b8975e53 Best regards, -- Justin Stitt <justinstitt@google.com>