On Tue, Jul 18, 2023 at 12:38:37AM -0400, Azeem Shaikh wrote: > On Wed, Jul 12, 2023 at 7:54 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > On Mon, Jul 03, 2023 at 06:12:56PM +0000, Azeem Shaikh wrote: > > > strlcpy() reads the entire source buffer first. > > > This read may exceed the destination size limit. > > > This is both inefficient and can lead to linear read > > > overflows if a source string is not NUL-terminated [1]. > > > In an effort to remove strlcpy() completely [2], replace > > > strlcpy() here with strscpy(). > > > > > > Direct replacement is safe here since DEV_ASSIGN is only used by > > > TRACE macros and the return values are ignored. > > > > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > > > [2] https://github.com/KSPP/linux/issues/89 > > > > > > Signed-off-by: Azeem Shaikh <azeemshaikh38@xxxxxxxxx> > > > > Looks good -- thing is using return values from the macros. > > Just to confirm, you mean *not* using return values from the macros? I thought I'd replied to this, but I see it didn't happen: yes, I meant "not using return values". Sorry for the confusion! -- Kees Cook
