On Sun, Mar 02, 2025 at 11:56:41PM +0100, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers; use > strscpy() instead. The destination buffer db_root is only used with "%s" > format strings and must therefore be NUL-terminated, but not NUL-padded. > > Use scnprintf() because snprintf() could return a value >= DB_ROOT_LEN > and lead to an out-of-bounds access. This doesn't happen because count > is explicitly checked against DB_ROOT_LEN before. However, scnprintf() > always returns the number of characters actually written to the string > buffer, which is always within the bounds of db_root_stage, and should > be preferred over snprintf(). > > The size parameter of strscpy() is optional and since DB_ROOT_LEN is the > size of the destination buffer, it can be removed. Remove it to simplify > the code. > > Compile-tested only. > > Link: https://github.com/KSPP/linux/issues/90 > Link: https://github.com/KSPP/linux/issues/105 > Cc: linux-hardening@xxxxxxxxxxxxxxx > Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx> Reviewed-by: Kees Cook <kees@xxxxxxxxxx> -- Kees Cook
