Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()

From: Len Baker
Date: Sun Aug 01 2021 - 12:01:11 EST


Hi,

On Sun, Aug 01, 2021 at 04:00:00PM +0100, Russell King (Oracle) wrote:
> On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote:
> > strcpy() performs no bounds checking on the destination buffer. This
> > could result in linear overflows beyond the end of the buffer, leading
> > to all kinds of misbehaviors. The safe replacement is strscpy().
> >
> > Signed-off-by: Len Baker <len.baker@xxxxxxx>
> > ---
> > This is a task of the KSPP [1]
> >
> > [1] https://github.com/KSPP/linux/issues/88
> >
> > drivers/input/keyboard/locomokbd.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/input/keyboard/locomokbd.c b/drivers/input/keyboard/locomokbd.c
> > index dae053596572..dbb3dc48df12 100644
> > --- a/drivers/input/keyboard/locomokbd.c
> > +++ b/drivers/input/keyboard/locomokbd.c
> > @@ -254,7 +254,7 @@ static int locomokbd_probe(struct locomo_dev *dev)
> > locomokbd->suspend_jiffies = jiffies;
> >
> > locomokbd->input = input_dev;
> > - strcpy(locomokbd->phys, "locomokbd/input0");
> > + strscpy(locomokbd->phys, "locomokbd/input0", sizeof(locomokbd->phys));
>
> So if the string doesn't fit, it's fine to silently truncate it?

I think it is better than overflow :)

> Rather than converting every single strcpy() in the kernel to
> strscpy(), maybe there should be some consideration given to how the
> issue of a strcpy() that overflows the buffer should be handled.
> E.g. in the case of a known string such as the above, if it's longer
> than the destination, should we find a way to make the compiler issue
> a warning at compile time?

Good point. I am a kernel newbie and have no experience. So this
question should be answered by some kernel hacker :) But I agree
with your proposals.

Kees and folks: Any comments?

Note: Kees is asked the same question in [2]

[2] https://lore.kernel.org/lkml/20210731135957.GB1979@titan/

Regards,
Len