Hi, On Wed, Aug 04, 2021 at 05:23:54PM -0500, Bjorn Andersson wrote: > On Sun 01 Aug 08:19 CDT 2021, Len Baker wrote: > > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy(). > > > > While this is true, are any of these uses of strcpy affected by its > shortcomings? No, this patch is only an effort to clean up the proliferation of str*() functions in the kernel. > > Moreover, when the size of the destination buffer cannot be obtained > > using "sizeof", use the memcpy function instead of strscpy. > > > > This is not why you're using memcpy, you're using it because you _know_ > how many bytes should be copied - because you just did a strlen() and > allocated that amount of space. Understood, I will change the commit message. > > > [...] > > /* Prepare req message */ > > - strcpy(req.service_path, pds->service_path); > > + strscpy(req.service_path, pds->service_path, > > + sizeof(req.service_path)); > > There's no need to break this line. Ok, thanks. Regards, Len
