Apologies for the in-accurate description. This patch is covered under the patch-set by Romain Perier ( https://lkml.org/lkml/2021/2/22/739 ) and can be disregarded. Best Regards, Palash On Fri, Feb 19, 2021 at 11:09 PM Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote: > > Reply-To: > In-Reply-To: <20210219084038.GA7564@xxxxxxxxxxxxxxxxxx> > > On Fri, Feb 19, 2021 at 02:10:38PM +0530, Palash Oswal wrote: > > The strlcpy() function is unsafe in that the source buffer length > > is unbounded or possibly be non NULL terminated. This can cause > > memory over-reads, crashes, etc. > > > > Link: https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Palash Oswal <hello@xxxxxxxxxxxxxxx> > > The long description does not explain what the commit does, and > does not include any details about deprecation of strlcpy(), which > at least I'm not aware of. > > I don't think *length* ever is NULL terminated. The first sentence > is somewhat weird. Also strlcpy() does have a bounds check. > > Generally, the description and reasoning is sloppy to say the > least. > > /Jarkko > > > > --- > > security/integrity/ima/ima_api.c | 2 +- > > security/integrity/ima/ima_policy.c | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c > > index 1dd70dc68ffd..2f3b8257181d 100644 > > --- a/security/integrity/ima/ima_api.c > > +++ b/security/integrity/ima/ima_api.c > > @@ -399,7 +399,7 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) > > } > > > > if (!pathname) { > > - strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX); > > + strscpy(namebuf, path->dentry->d_name.name, NAME_MAX); > > pathname = namebuf; > > } > > > > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > > index 9b45d064a87d..010839aef6ba 100644 > > --- a/security/integrity/ima/ima_policy.c > > +++ b/security/integrity/ima/ima_policy.c > > @@ -791,7 +791,7 @@ static int __init ima_init_arch_policy(void) > > char rule[255]; > > int result; > > > > - result = strlcpy(rule, *rules, sizeof(rule)); > > + strscpy(rule, *rules, sizeof(rule)); > > > > INIT_LIST_HEAD(&arch_policy_entry[i].list); > > result = ima_parse_rule(rule, &arch_policy_entry[i]); > > > > base-commit: f6692213b5045dc461ce0858fb18cf46f328c202 > > -- > > 2.27.0 > > > >
