On Mon, May 15, 2023 at 09:50:25AM +0200, Christian Brauner wrote: > On Wed, 10 May 2023 22:11:19 +0000, Azeem Shaikh wrote: > > strlcpy() reads the entire source buffer first. > > This read may exceed the destination size limit. > > This is both inefficient and can lead to linear read > > overflows if a source string is not NUL-terminated [1]. > > In an effort to remove strlcpy() completely [2], replace > > strlcpy() here with strscpy(). > > No return values were used, so direct replacement is safe. > > > > [...] > > I sincerely hope we'll be done with swapping out various string > functions for one another at some point. Such patches always seems > benign and straightforward but the potential for subtle bugs is > feels rather high... Agreed. The long-term goal is to remove "strlcpy"[1] and "strncpy"[2] completely from the kernel, leaving only "strscpy". From there, I hope to do a treewide change to scrub the kernel of the pattern: strscpy(fixed-sized-dest, fixed-sized-source, sizeof(fixed-size-dest)) and replace it with a much stricter "strcpy" that refuses to work on dynamically sized arguments. This will get us away from the pointless exercise of duplicating sizeof() arguments when the compiler can very happily do it itself. But doing the return value transitions (and padding checks) for strlcpy and strncpy need to happen first. It's a long road. > Applied to the vfs.misc branch of the vfs/vfs.git tree. > Patches in the vfs.misc branch should appear in linux-next soon. Thanks! -Kees [1] https://github.com/KSPP/linux/issues/89 [2] https://github.com/KSPP/linux/issues/90 -- Kees Cook
