tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

befs: Replace all non-returning strlcpy with strscpy

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated.
In an effort to remove strlcpy() completely, replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230509014136.2095900-1-azeemshaikh38@gmail.com

authored by

Azeem Shaikh and committed by
Kees Cook 73919280 2f088dfc

+2 -2
+1 -1
fs/befs/btree.c
··· 500 500 goto error_alloc; 501 501 } 502 502 503 - strlcpy(keybuf, keystart, keylen + 1); 503 + strscpy(keybuf, keystart, keylen + 1); 504 504 *value = fs64_to_cpu(sb, valarray[cur_key]); 505 505 *keysize = keylen; 506 506
+1 -1
fs/befs/linuxvfs.c
··· 374 374 if (S_ISLNK(inode->i_mode) && !(befs_ino->i_flags & BEFS_LONG_SYMLINK)){ 375 375 inode->i_size = 0; 376 376 inode->i_blocks = befs_sb->block_size / VFS_BLOCK_SIZE; 377 - strlcpy(befs_ino->i_data.symlink, raw_inode->data.symlink, 377 + strscpy(befs_ino->i_data.symlink, raw_inode->data.symlink, 378 378 BEFS_SYMLINK_LEN); 379 379 } else { 380 380 int num_blks;