On Wed, Aug 09, 2023 at 08:02:05PM +0200, Michael Straube wrote:
On 8/9/23 14:21, Greg KH wrote:
On Sat, Aug 05, 2023 at 09:51:14AM +0200, Michael Straube wrote:
Replace strncpy with strscpy in two places where the destination buffer
should be NUL-terminated. Found by checkpatch.
WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90
If a global search/replace could be done, it would have happend a long
time ago.
How was this tested? The functions work differently, are you sure there
is no change in functionality here?
It was only compile tested. To me it looked as it does not change
functionality, but looking a bit deeper at it I'm not sure anymore.
So, we should leave it as is.
So there are three main differences between strncpy() and strcpy().
1) The return.
2) strncpy() will always write net->hidden_ssid_len bytes. If the
string to copy is smaller than net->hidden_ssid_len bytes it will
fill the rest with zeroes. This can be important for preventing
information leaks.
3) strscpy() will always add a NUL terminator where strncpy() just
truncates a too long string without adding a terminator.
We want #3. We don't care about #1. The only thing to check is #2.
regards,
dan carpenter