Re: [PATCH v2] tracing/boot: Replace strlcpy with strscpy

From: Kees Cook
Date: Tue Jun 20 2023 - 16:35:20 EST


On Tue, Jun 20, 2023 at 04:33:25PM -0400, Steven Rostedt wrote:
> On Tue, 20 Jun 2023 13:28:26 -0700
> Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> > On Thu, 15 Jun 2023 18:04:20 +0000, Azeem Shaikh wrote:
> > > strlcpy() reads the entire source buffer first.
> > > This read may exceed the destination size limit.
> > > This is both inefficient and can lead to linear read
> > > overflows if a source string is not NUL-terminated [1].
> > > In an effort to remove strlcpy() completely [2], replace
> > > strlcpy() here with strscpy().
> > >
> > > [...]
> >
> > Applied to for-next/hardening, thanks!
> >
> > [1/1] tracing/boot: Replace strlcpy with strscpy
> > https://git.kernel.org/kees/c/b1c38314f756
> >
>
> I was going to add this to my queue.

Ah, okay, no worries. I will drop it from mine.

--
Kees Cook