Hi

On Thu, Nov 15, 2018 at 12:09 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Wed, Nov 14, 2018 at 9:40 AM, Laura Abbott <labbott@xxxxxxxxxx> wrote:
[...]
> > Can we switch to strscpy instead? This will quiet gcc and avoid the
> > issues with strlcpy.
>
> Yes please: it looks like these strings are expected to be NUL
> terminated, so strscpy() without the "- 1" and min() logic would be
> the correct solution here.

"the correct solution"? To my knowledge the original code was correct
as well. Am I missing something?

> If @hid is already zero, then this would
> just be:
>
> strscpy(hid->name, ev->u.create2.name, sizeof(hid->name));
> strscpy(hid->phys, ev->u.create2.phys, sizeof(hid->phys));
> strscpy(hid->uniq, ev->u.create2.uniq, sizeof(hid->uniq));
>
> If they are NOT NUL terminated, then keep using strncpy() but mark the
> fields in the struct with the __nonstring attribute.

They are supposed to be NUL terminated, but for compatibility reasons
we allow them to be not. So I don't think your proposal is safe.

Thanks
David
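
An added userspace example, not part of the original message and not kernel code: a bounded copy using the "min() ... - 1" length discussed in the thread, run against a fixed-size source field that has no NUL terminator. The struct names, the 8-byte field sizes and the helper `copy_fixed_field` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins; field sizes are assumed, not the kernel's. */
struct fake_event { unsigned char name[8]; };   /* user-supplied, may lack a NUL */
struct fake_hid   { char name[8]; };

/*
 * Copy a fixed-size field that may or may not be NUL terminated.
 * Reads at most min(dst_size, src_size) - 1 bytes, so it never walks
 * past the end of src, and always terminates dst.
 */
static size_t copy_fixed_field(char *dst, size_t dst_size,
                               const unsigned char *src, size_t src_size)
{
    size_t limit = dst_size < src_size ? dst_size : src_size;
    size_t n = 0;

    if (dst_size == 0)
        return 0;
    if (limit > 0)
        limit--;                      /* the "- 1": room for the terminator */
    while (n < limit && src[n] != '\0') {
        dst[n] = (char)src[n];
        n++;
    }
    dst[n] = '\0';
    return n;
}

/* Constructed input: all 8 bytes used, no terminator anywhere in the field. */
static size_t demo_unterminated(struct fake_hid *hid)
{
    struct fake_event ev;
    memset(ev.name, 'A', sizeof(ev.name));
    return copy_fixed_field(hid->name, sizeof(hid->name), ev.name, sizeof(ev.name));
}

/* Constructed input: a short, properly terminated name. */
static size_t demo_terminated(struct fake_hid *hid)
{
    struct fake_event ev = { .name = "kbd" };
    return copy_fixed_field(hid->name, sizeof(hid->name), ev.name, sizeof(ev.name));
}

int main(void)
{
    struct fake_hid hid;
    return (demo_unterminated(&hid) == 7 && demo_terminated(&hid) == 3) ? 0 : 1;
}
```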