tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

leds: Replace all non-returning strlcpy with strscpy

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230523021451.2406362-1-azeemshaikh38@gmail.com
Signed-off-by: Lee Jones <lee@kernel.org>

authored by

Azeem Shaikh and committed by
Lee Jones bf4a35e9 d6e3896b

+3 -3
+1 -1
drivers/leds/flash/leds-aat1290.c
··· 425 425 struct led_classdev *led_cdev = &led->fled_cdev.led_cdev; 426 426 struct led_flash_setting *s; 427 427 428 - strlcpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, 428 + strscpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, 429 429 sizeof(v4l2_sd_cfg->dev_name)); 430 430 431 431 s = &v4l2_sd_cfg->intensity;
+1 -1
drivers/leds/led-class.c
··· 409 409 int ret = 0; 410 410 struct device *dev; 411 411 412 - strlcpy(name, init_name, len); 412 + strscpy(name, init_name, len); 413 413 414 414 while ((ret < len) && 415 415 (dev = class_find_device_by_name(leds_class, name))) {
+1 -1
drivers/leds/leds-spi-byte.c
··· 98 98 return -ENOMEM; 99 99 100 100 of_property_read_string(child, "label", &name); 101 - strlcpy(led->name, name, sizeof(led->name)); 101 + strscpy(led->name, name, sizeof(led->name)); 102 102 led->spi = spi; 103 103 mutex_init(&led->mutex); 104 104 led->cdef = device_get_match_data(dev);