Re: [PATCH] drivers/soc: Remove all strcpy() uses in favor of strscpy()

From: Robin Murphy
Date: Wed Jul 28 2021 - 05:36:20 EST


On 2021-07-28 09:36, David Laight wrote:
From: Geert Uytterhoeven
Sent: 26 July 2021 09:03

Hi Len,

On Sun, Jul 25, 2021 at 5:15 PM Len Baker <len.baker@xxxxxxx> wrote:
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

Signed-off-by: Len Baker <len.baker@xxxxxxx>

Thanks for your patch!

---
This is a task of the KSPP [1]

[1] https://github.com/KSPP/linux/issues/88

Any chance the almost one year old question in that ticket can be
answered?

drivers/soc/renesas/rcar-sysc.c | 6 ++++--

Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>

But please see my comments below...

--- a/drivers/soc/renesas/r8a779a0-sysc.c
+++ b/drivers/soc/renesas/r8a779a0-sysc.c
@@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void)
for (i = 0; i < info->num_areas; i++) {
const struct r8a779a0_sysc_area *area = &info->areas[i];
struct r8a779a0_sysc_pd *pd;
+ size_t area_name_size;

I wouldn't mind a shorter name, like "n".


if (!area->name) {
/* Skip NULLified area */
continue;
}

- pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
+ area_name_size = strlen(area->name) + 1;
+ pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL);
if (!pd) {
error = -ENOMEM;
goto out_put;
}

- strcpy(pd->name, area->name);
+ strscpy(pd->name, area->name, area_name_size);

You can just use memcpy().

Indeed. In fact I'd go as far as saying that it might be worth teaching static checkers to recognise patterns that boil down to strscpy(dst, src, strlen(src) + 1) and flag them as suspect, because AFAICS that would always represent either an unnecessarily elaborate memcpy(), or far worse just an obfuscated strcpy().

Robin.