On Mon, 10 Sep 2018 09:18:05 -0700,
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> On Mon, Sep 10, 2018 at 5:19 AM, Mauro Carvalho Chehab
> <mchehab+samsung@xxxxxxxxxx> wrote:
> > The strncpy() function is being deprecated upstream. Replace
> > it by the safer strscpy().
>
> This one I'm quite concerned about. This could lead to kernel memory
> exposures if any of the callers depend on strncpy()'s trailing
> NUL-padding to clear a buffer of prior contents.
>
> How did you validate that for these changes?

That's actually easy for those familiar with the V4L2 API. There are
several fields at either uAPI or kAPI (or both) that have strings.

For example, a video input has a name. So, for one familiar with the
V4L2 API, it is clear that something like:

+ strscpy(inp->name, zr->card.input[inp->index].name,
+ sizeof(inp->name));

is just filling the uAPI with the name of Input, which is, typically,
something like:

	S-Video
	Television
	Radio
	Composite

A visual inspection of the patch shows that, in almost all cases, it
is either filling a device driver's name (used mainly for debug
routines), a video Input, a format description string, or the video
caps fields name and driver.

Thanks,
Mauro
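
Review bot: the strscpy() call into inp->name stops writing after the terminating NUL, so unlike the strncpy() it replaces it leaves the tail of the field as it was. Since inp->name is a uAPI field, any bytes after the NUL go to userspace with whatever they held before, unless inp was cleared earlier. The commit message should say where inp is zeroed before this call, or the field should be cleared first, for example with memset(inp->name, 0, sizeof(inp->name)), so the change does not rest on visual inspection alone.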
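
The padding difference Kees asks about, shown in a user-space model (an added example, not code from the patch or from anyone in this thread). model_strscpy(), NAME_LEN and the 0xAA fill are assumptions made for the illustration; the kernel's real strscpy() is not available in user space.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32  /* assumed field size for this example */

/* Simplified user-space stand-in for the kernel's strscpy(): copies at most
 * size-1 bytes, always NUL-terminates, and does NOT pad the rest of dst. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size == 0)
        return -1;
    if (len >= size) {                  /* truncated copy */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -1;                      /* the kernel returns -E2BIG here */
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Fill a name field that holds constructed "prior contents" and return how
 * many bytes after the terminating NUL still carry that old data. */
static size_t stale_tail_bytes(int use_strncpy, int zero_first)
{
    char name[NAME_LEN];
    size_t i, stale = 0;

    memset(name, 0xAA, sizeof(name));   /* constructed stale data */
    if (zero_first)
        memset(name, 0, sizeof(name));  /* what a zeroed struct gives you */
    if (use_strncpy)
        strncpy(name, "S-Video", sizeof(name));
    else
        model_strscpy(name, "S-Video", sizeof(name));

    for (i = strlen(name) + 1; i < sizeof(name); i++)
        if (name[i] != '\0')
            stale++;
    return stale;
}

int main(void)
{
    printf("strncpy:               %zu\n", stale_tail_bytes(1, 0));
    printf("strscpy:               %zu\n", stale_tail_bytes(0, 0));
    printf("strscpy, zeroed first: %zu\n", stale_tail_bytes(0, 1));
    return 0;
}
```

The non-padding copy is only equivalent to strncpy() for a buffer that goes to userspace when the destination was zeroed before the call, which is the property each converted call site needs checked.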