> -----Original Message----- > From: Joe Perches [mailto:joe@xxxxxxxxxxx] > Sent: Monday, July 22, 2019 11:11 PM > To: Kees Cook <keescook@xxxxxxxxxxxx>; Gote, Nitin R > <nitin.r.gote@xxxxxxxxx> > Cc: corbet@xxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx; apw@xxxxxxxxxxxxx; > linux-doc@xxxxxxxxxxxxxxx; kernel-hardening@xxxxxxxxxxxxxxxxxx > Subject: Re: [PATCH v5] Documentation/checkpatch: Prefer > strscpy/strscpy_pad over strcpy/strlcpy/strncpy > > On Mon, 2019-07-22 at 10:30 -0700, Kees Cook wrote: > > On Wed, Jul 17, 2019 at 10:00:05AM +0530, NitinGote wrote: > > > From: Nitin Gote <nitin.r.gote@xxxxxxxxx> > > > > > > Added check in checkpatch.pl to > > > 1. Deprecate strcpy() in favor of strscpy(). > > > 2. Deprecate strlcpy() in favor of strscpy(). > > > 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad(). > > > > > > Updated strncpy() section in Documentation/process/deprecated.rst > > > to cover strscpy_pad() case. > > > > > > Signed-off-by: Nitin Gote <nitin.r.gote@xxxxxxxxx> > > > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > > > Joe, does this address your checkpatch concerns? > > Well, kinda. > > strscpy_pad isn't used anywhere in the kernel. > > And > > + "strncpy" => "strscpy, strscpy_pad or for non- > NUL-terminated strings, strncpy() can still be used, but destinations should > be marked with __nonstring", > > is a bit verbose. This could be simply: > > + "strncpy" => "strscpy - for non-NUL-terminated uses, strncpy() dst > should be __nonstring", > But, if the destination buffer needs extra NUL-padding for remaining size of destination, then safe replacement is strscpy_pad(). Right? If yes, then what is your opinion on below change : "strncpy" => "strscpy, strcpy_pad - for non-NUL-terminated uses, strncpy() dst should be __nonstring", > And I still prefer adding stracpy as it > reduces code verbosity and eliminates defects. > -Nitin
