On May 22, 2023 3:41:58 PM PDT, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx> wrote:
>
>Kees,
>
>> On Wed, 17 May 2023 14:29:55 +0000, Azeem Shaikh wrote:
>>> strlcpy() reads the entire source buffer first.
>>> This read may exceed the destination size limit.
>>> This is both inefficient and can lead to linear read
>>> overflows if a source string is not NUL-terminated [1].
>>> In an effort to remove strlcpy() completely [2], replace
>>> strlcpy() here with strscpy().
>>> No return values were used, so direct replacement is safe.
>>>
>>> [...]
>>
>> Applied to for-next/hardening, thanks!
>>
>> [1/1] scsi: 3w-9xxx: Replace all non-returning strlcpy with strscpy
>> https://git.kernel.org/kees/c/fa36c95739ab
>
>Are you planning on sending these? That's fine with me, just need to
>know if I should close them in patchwork...

Yeah, I took a bunch that hadn't been picked up yet:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=for-next/hardening

Thanks!

-- 
Kees Cook
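
The read behaviour described in the quoted commit message, as an added example that is not part of this thread or of the kernel source: simplified byte-wise userland models of the two copy semantics, counting how many source bytes each one examines for a 16-byte destination. The names `model_strlcpy`, `model_strscpy` and `sample_src` are hypothetical, and the 4096-byte source is constructed for the illustration.

```c
/* Added example: simplified byte-wise models, not the kernel implementations. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* strlcpy semantics: measure the whole source first, then copy what fits. */
static size_t model_strlcpy(char *dst, const char *src, size_t size, size_t *reads)
{
    size_t len = 0;
    while (src[len] != '\0')        /* walks src to its NUL, ignoring size */
        len++;
    *reads = len + 1;               /* src bytes examined, NUL included */
    if (size) {
        size_t n = len >= size ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;                     /* length of src, not of the copy */
}

/* strscpy semantics: never examine more than size bytes of src. */
static long model_strscpy(char *dst, const char *src, size_t size, size_t *reads)
{
    size_t i;
    for (i = 0, *reads = 0; i < size; i++) {
        dst[i] = src[i];
        (*reads)++;
        if (src[i] == '\0')
            return (long)i;         /* fits: characters copied */
    }
    if (size)
        dst[size - 1] = '\0';       /* truncated, still NUL-terminated */
    return -E2BIG;                  /* truncation is reported as an error */
}

static const char *sample_src(void)
{
    static char buf[4096];          /* constructed: 4095 'A' bytes, then NUL */
    memset(buf, 'A', sizeof(buf) - 1);
    return buf;
}

int main(void)
{
    char dst[16];
    size_t r1, r2;
    size_t a = model_strlcpy(dst, sample_src(), sizeof(dst), &r1);
    long b = model_strscpy(dst, sample_src(), sizeof(dst), &r2);
    printf("strlcpy ret=%zu read=%zu; strscpy ret=%ld read=%zu\n", a, r1, b, r2);
    return 0;
}
```

With a source that has no NUL inside its allocation, the first loop in `model_strlcpy` is the one that would run past the end of the buffer, while the bounded loop in `model_strscpy` stops at the destination size.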