scsi: target: tcmu: Replace strlcpy() with strscpy()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1]. In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().

No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230621030033.3800351-3-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Azeem Shaikh and committed by

Martin K. Petersen 2 years ago 4b2e2875 d1e8a9fb

+2 -2

1 changed file

expand all

drivers

target

target_core_user.c

+2 -2

drivers/target/target_core_user.c

··· 2820 2820 pr_err("Unable to reconfigure device\n"); 2821 2821 return ret; 2822 2822 } 2823 - strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN); 2823 + strscpy(udev->dev_config, page, TCMU_CONFIG_LEN); 2824 2824 2825 2825 ret = tcmu_update_uio_info(udev); 2826 2826 if (ret) 2827 2827 return ret; 2828 2828 return count; 2829 2829 } 2830 - strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN); 2830 + strscpy(udev->dev_config, page, TCMU_CONFIG_LEN); 2831 2831 2832 2832 return count; 2833 2833 }