On August 23, 2023 7:13:04 AM PDT, Heiko Carstens <hca@xxxxxxxxxxxxx> wrote: >On Wed, Aug 23, 2023 at 03:49:36PM +0200, Heiko Carstens wrote: >> On Tue, Aug 22, 2023 at 11:59:26PM +0000, Justin Stitt wrote: >> > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. >> > >> > A suitable replacement is `strscpy` [2] due to the fact that it >> > guarantees NUL-termination on its destination buffer argument which is >> > _not_ the case for `strncpy`! >> > >> > Link: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings[1] >> > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] >> > Link: https://github.com/KSPP/linux/issues/90 >> > Cc: linux-hardening@xxxxxxxxxxxxxxx >> > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx> >> > --- >> > block/partitions/ibm.c | 8 ++++---- >> > 1 file changed, 4 insertions(+), 4 deletions(-) >> > >> > diff --git a/block/partitions/ibm.c b/block/partitions/ibm.c >> > index 403756dbd50d..e5893cf71b57 100644 >> > --- a/block/partitions/ibm.c >> > +++ b/block/partitions/ibm.c >> > @@ -111,11 +111,11 @@ static int find_label(struct parsed_partitions *state, >> > !strcmp(temp, "LNX1") || >> > !strcmp(temp, "CMS1")) { >> > if (!strcmp(temp, "VOL1")) { >> > - strncpy(type, label->vol.vollbl, 4); >> > - strncpy(name, label->vol.volid, 6); >> > + strscpy(type, label->vol.vollbl, 4); >> > + strscpy(name, label->vol.volid, 6); >> > } else { >> > - strncpy(type, label->lnx.vollbl, 4); >> > - strncpy(name, label->lnx.volid, 6); >> > + strscpy(type, label->lnx.vollbl, 4); >> > + strscpy(name, label->lnx.volid, 6); >> > } >> > EBCASC(type, 4); >> > EBCASC(name, 6); >> >> I'm quite sure this is not correct, since both type and name are not >> necessarily NUL-terminated, and this code operates on purpose on such >> strings. >> >> Since currently Stefan and Jan are both not available, I added Peter >> Oberparleiter to Cc who hopefully knows better than me. > >I was just made aware of that this patch is already in linux-next. And >indeed: partition detection does not work anymore for DASDs. With this >patch reverted it works again. > >Jens, can you remove or revert this patch again, please? Looks like this should be strtomem_pad() rather than strscpy()... -- Kees Cook
