tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

staging: most: Replace all non-returning strlcpy with strscpy

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230523021640.2406585-1-azeemshaikh38@gmail.com

authored by

Azeem Shaikh and committed by
Kees Cook 2af4aa3b f4a0659f

+4 -4
+4 -4
drivers/most/configfs.c
··· 204 204 { 205 205 struct mdev_link *mdev_link = to_mdev_link(item); 206 206 207 - strlcpy(mdev_link->device, page, sizeof(mdev_link->device)); 207 + strscpy(mdev_link->device, page, sizeof(mdev_link->device)); 208 208 strim(mdev_link->device); 209 209 return count; 210 210 } ··· 219 219 { 220 220 struct mdev_link *mdev_link = to_mdev_link(item); 221 221 222 - strlcpy(mdev_link->channel, page, sizeof(mdev_link->channel)); 222 + strscpy(mdev_link->channel, page, sizeof(mdev_link->channel)); 223 223 strim(mdev_link->channel); 224 224 return count; 225 225 } ··· 234 234 { 235 235 struct mdev_link *mdev_link = to_mdev_link(item); 236 236 237 - strlcpy(mdev_link->comp, page, sizeof(mdev_link->comp)); 237 + strscpy(mdev_link->comp, page, sizeof(mdev_link->comp)); 238 238 strim(mdev_link->comp); 239 239 return count; 240 240 } ··· 250 250 { 251 251 struct mdev_link *mdev_link = to_mdev_link(item); 252 252 253 - strlcpy(mdev_link->comp_params, page, sizeof(mdev_link->comp_params)); 253 + strscpy(mdev_link->comp_params, page, sizeof(mdev_link->comp_params)); 254 254 strim(mdev_link->comp_params); 255 255 return count; 256 256 }