On Tue, 13 Jun 2023, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > > Direct replacement is safe here since return value from all > callers of STRLCPY macro were ignored. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@xxxxxxxxx> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> Best regards, Jozsef > --- > net/netfilter/ipset/ip_set_hash_netiface.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c > index 031073286236..95aeb31c60e0 100644 > --- a/net/netfilter/ipset/ip_set_hash_netiface.c > +++ b/net/netfilter/ipset/ip_set_hash_netiface.c > @@ -40,7 +40,7 @@ MODULE_ALIAS("ip_set_hash:net,iface"); > #define IP_SET_HASH_WITH_MULTI > #define IP_SET_HASH_WITH_NET0 > > -#define STRLCPY(a, b) strlcpy(a, b, IFNAMSIZ) > +#define STRSCPY(a, b) strscpy(a, b, IFNAMSIZ) > > /* IPv4 variant */ > > @@ -182,11 +182,11 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, > > if (!eiface) > return -EINVAL; > - STRLCPY(e.iface, eiface); > + STRSCPY(e.iface, eiface); > e.physdev = 1; > #endif > } else { > - STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); > + STRSCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); > } > > if (strlen(e.iface) == 0) > @@ -400,11 +400,11 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb, > > if (!eiface) > return -EINVAL; > - STRLCPY(e.iface, eiface); > + STRSCPY(e.iface, eiface); > e.physdev = 1; > #endif > } else { > - STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); > + STRSCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out)); > } > > if (strlen(e.iface) == 0) > -- > 2.41.0.162.gfafddb0af9-goog > > > - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
