Re: [PATCH v3 2/3] kernfs: Convert kernfs_name_locked() from strlcpy() to strscpy()

From: Tejun Heo
Date: Thu Dec 21 2023 - 19:59:32 EST

Next message: syzbot: "[syzbot] [udf?] WARNING in udf_free_blocks (2)"
Previous message: pr-tracker-bot: "Re: [GIT PULL] pin control fixes for v6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 12, 2023 at 01:17:39PM -0800, Kees Cook wrote:
> strlcpy() reads the entire source buffer first. This read may exceed
> the destination size limit. This is both inefficient and can lead
> to linear read overflows if a source string is not NUL-terminated[1].
> Additionally, it returns the size of the source string, not the
> resulting size of the destination string. In an effort to remove strlcpy()
> completely[2], replace strlcpy() here with strscpy().
>
> Nothing actually checks the return value coming from kernfs_name_locked(),
> so this has no impact on error paths. The caller hierarchy is:
>
> kernfs_name_locked()
> kernfs_name()
> pr_cont_kernfs_name()
> return value ignored
> cgroup_name()
> current_css_set_cg_links_read()
> return value ignored
> print_page_owner_memcg()
> return value ignored
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
> Link: https://github.com/KSPP/linux/issues/89 [2]
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Azeem Shaikh <azeemshaikh38@xxxxxxxxx>
> Link: https://lore.kernel.org/r/20231116192127.1558276-2-keescook@xxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

--
tejun

Next message: syzbot: "[syzbot] [udf?] WARNING in udf_free_blocks (2)"
Previous message: pr-tracker-bot: "Re: [GIT PULL] pin control fixes for v6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]