| Message ID | 20250213114047.2366-2-thorsten.blum@linux.dev (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() | expand |
On 2/13/25 3:40 AM, Thorsten Blum wrote: > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > index c7ebae24b09f..968cefb497eb 100644 > --- a/drivers/scsi/hpsa.c > +++ b/drivers/scsi/hpsa.c > @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, > > static void init_driver_version(char *driver_version, int len) > { > - memset(driver_version, 0, len); > - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); > + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); > } > > static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable) Has it been considered to introduce a Coccinelle semantic patch that performs this conversion? See also the scripts/coccinelle directory. Anyway: Reviewed-by: Bart Van Assche <bvanassche@acm.org>
On Thu, Feb 13, 2025 at 10:24:25AM -0800, Bart Van Assche wrote: > On 2/13/25 3:40 AM, Thorsten Blum wrote: > > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > > index c7ebae24b09f..968cefb497eb 100644 > > --- a/drivers/scsi/hpsa.c > > +++ b/drivers/scsi/hpsa.c > > @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, > > static void init_driver_version(char *driver_version, int len) > > { > > - memset(driver_version, 0, len); > > - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); > > + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); > > } > > static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable) > > Has it been considered to introduce a Coccinelle semantic patch that > performs this conversion? See also the scripts/coccinelle directory. Using this: @pad0 depends on !(file in "tools") && !(file in "samples")@ expression DEST, SRC; expression LENGTH; @@ - memset(DEST, 0, LENGTH); - strncpy(DEST, SRC, LENGTH - 1); + strscpy_pad(DEST, SRC, LENGTH); @padNUL depends on !(file in "tools") && !(file in "samples")@ expression DEST, SRC; expression LENGTH; @@ - memset(DEST, '\0', LENGTH); - strncpy(DEST, SRC, LENGTH - 1); + strscpy_pad(DEST, SRC, LENGTH); It turns out this is the only place left in the kernel using that pattern. :) > > Anyway: > > Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Kees Cook <kees@kernel.org>
Thorsten, > strncpy() is deprecated for NUL-terminated destination buffers. > Replace memset() and strncpy() with strscpy_pad() to copy the version > string and fill the remaining bytes in the destination buffer with NUL > bytes. This avoids zeroing the memory before copying the string. Applied to 6.15/scsi-staging, thanks!
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c7ebae24b09f..968cefb497eb 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, static void init_driver_version(char *driver_version, int len) { - memset(driver_version, 0, len); - strncpy(driver_version, HPSA " " HPSA_DRIVER_VERSION, len - 1); + strscpy_pad(driver_version, HPSA " " HPSA_DRIVER_VERSION, len); } static int write_driver_ver_to_cfgtable(struct CfgTable __iomem *cfgtable)
strncpy() is deprecated for NUL-terminated destination buffers. Replace memset() and strncpy() with strscpy_pad() to copy the version string and fill the remaining bytes in the destination buffer with NUL bytes. This avoids zeroing the memory before copying the string. Compile-tested only. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- Changes in v2: - Use len instead of len - 1 - Link to v1: https://lore.kernel.org/r/20250212224352.86583-3-thorsten.blum@linux.dev/ --- drivers/scsi/hpsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)