On Thu, Jul 27, 2023 at 07:02:31PM +0300, Kalle Valo wrote: > Kees Cook <keescook@xxxxxxxxxxxx> writes: > > > On Mon, 10 Jul 2023 03:06:25 +0000, Azeem Shaikh wrote: > >> strlcpy() reads the entire source buffer first. > >> This read may exceed the destination size limit. > >> This is both inefficient and can lead to linear read > >> overflows if a source string is not NUL-terminated [1]. > >> In an effort to remove strlcpy() completely [2], replace > >> strlcpy() here with strscpy(). > >> > >> [...] > > > > Applied, thanks! > > > > [1/1] wifi: mwifiex: Replace strlcpy with strscpy > > https://git.kernel.org/kees/c/5469fb73e96d > > And the same question here, why are you taking wifi patches without > acks? And this already fixed differently in wireless-next so our trees > conflict now: > > https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git/commit/?id=caf9ead2c7d06fd7aa4cb48bd569ad61db9a0b4a Thanks for pointing that out! I saw no feedback on Azeem's patch, so it looked like it was being ignored. For the patch you linked to -- it's okay to have lost the overflow detection and warning? Regardless, I will drop this from my tree. -Kees -- Kees Cook
