On Mon, Mar 18, 2024 at 11:46:33PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Let's use the new 2-argument strscpy() which guarantees NUL-termination > on the destination buffer while also simplifying the syntax. Note that > strscpy() will not NUL-pad the destination buffer like strncpy() does. > > However, the NUL-padding behavior of strncpy() is not required since > fbdev is already NUL-allocated from au1200fb_drv_probe() -> > frameuffer_alloc(), rendering any additional NUL-padding redundant. > | p = kzalloc(fb_info_size + size, GFP_KERNEL); > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@xxxxxxxxxxxxxxx > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx> Yup, looks correct. Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
