On Thu, Mar 21, 2024 at 12:38:54AM +0000, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces. A good alternative is strscpy() as it guarantees
> NUL-termination on the destination buffer.
>
> In crypto.c:
> We expect cipher_name to be NUL-terminated based on its use with
> the C-string format specifier %s and with other string apis like
> strlen():
> |     printk(KERN_ERR "Error attempting to initialize key TFM "
> |            "cipher with name = [%s]; rc = [%d]\n",
> |            tmp_tfm->cipher_name, rc);
> and
> |     int cipher_name_len = strlen(cipher_name);
>
> In main.c:
> We can remove the manual NUL-byte assignments as well as the pointers to
> destinations (which I assume only existed to trim down on line length?)
> in favor of directly using the destination buffer which allows the
> compiler to get size information -- enabling the usage of the new
> 2-argument strscpy().
>
> Note that this patch relies on the _new_ 2-argument versions of
> strscpy() and strscpy_pad() introduced in Commit e6584c3964f2f ("string:
> Allow 2-argument strscpy()").
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@xxxxxxxxxxxxxxx
> Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx>

Looks correct. I don't see any need for padding.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook
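Added example, not part of the thread or of the kernel patch: a userspace C model of the difference the commit message relies on, showing strncpy() leaving a full buffer without a terminator while a strscpy()-style copy always terminates and reports truncation with -E2BIG. The names `demo_strscpy`, `demo_strscpy2`, `struct demo_tfm` and the 8-byte buffer size are assumptions made up for this example; the kernel's own strscpy() is implemented differently.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the strscpy() contract (an assumption of this example,
 * not the kernel implementation): always NUL-terminate when size > 0, return
 * the copied length, or -E2BIG if the source had to be truncated. */
static long demo_strscpy(char *dst, const char *src, size_t size)
{
	size_t i;
	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (long)i : -E2BIG;
}

/* 2-argument form: dst must be an array so sizeof() is the buffer size. */
#define demo_strscpy2(dst, src) demo_strscpy((dst), (src), sizeof(dst))

struct demo_tfm { char cipher_name[8]; };	/* constructed, size chosen for the demo */

/* Returns 1 if strncpy() left cipher_name with no NUL inside the buffer. */
static int strncpy_unterminated(const char *name)
{
	struct demo_tfm t;
	strncpy(t.cipher_name, name, sizeof(t.cipher_name));
	return memchr(t.cipher_name, '\0', sizeof(t.cipher_name)) == NULL;
}

/* Copies with the 2-argument form; stores the resulting strlen() in *len. */
static long strscpy_copy(const char *name, size_t *len)
{
	struct demo_tfm t;
	long rc;
	memset(&t, 'X', sizeof(t));	/* termination must come from the copy itself */
	rc = demo_strscpy2(t.cipher_name, name);
	*len = strlen(t.cipher_name);
	return rc;
}

int main(void)
{
	size_t len;
	long rc = strscpy_copy("cbc(aes)", &len);	/* 8 chars: no room for the NUL */
	printf("strncpy unterminated: %d\n", strncpy_unterminated("cbc(aes)"));
	printf("strscpy rc=%ld len=%zu\n", rc, len);
}
```

With an unterminated `cipher_name`, the `%s` and strlen() uses quoted in the commit message would read past the end of the buffer, which is why the terminating copy matters there.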