Re: [PATCH v3 2/3] kernfs: Convert kernfs_name_locked() from strlcpy() to strscpy()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 12, 2023 at 01:17:39PM -0800, Kees Cook wrote:
> strlcpy() reads the entire source buffer first. This read may exceed
> the destination size limit. This is both inefficient and can lead
> to linear read overflows if a source string is not NUL-terminated[1].
> Additionally, it returns the size of the source string, not the
> resulting size of the destination string. In an effort to remove strlcpy()
> completely[2], replace strlcpy() here with strscpy().
> 
> Nothing actually checks the return value coming from kernfs_name_locked(),
> so this has no impact on error paths. The caller hierarchy is:
> 
> kernfs_name_locked()
>         kernfs_name()
>                 pr_cont_kernfs_name()
>                         return value ignored
>                 cgroup_name()
>                         current_css_set_cg_links_read()
>                                 return value ignored
>                         print_page_owner_memcg()
>                                 return value ignored
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
> Link: https://github.com/KSPP/linux/issues/89 [2]
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Azeem Shaikh <azeemshaikh38@xxxxxxxxx>
> Link: https://lore.kernel.org/r/20231116192127.1558276-2-keescook@xxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

-- 
tejun




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [Monitors]

  Powered by Linux