Re: [PATCH] inotify: Use strscpy() for event->name copies

From: Kees Cook
Date: Tue Dec 17 2024 - 02:52:09 EST




On December 16, 2024 8:12:07 PM PST, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>On Mon, Dec 16, 2024 at 02:45:15PM -0800, Kees Cook wrote:
>> Since we have already allocated "len + 1" space for event->name, make sure
>> that name->name cannot ever accidentally cause a copy overflow by calling
>> strscpy() instead of the unbounded strcpy() routine. This assists in
>> the ongoing efforts to remove the unsafe strcpy() API[1] from the kernel.
>
>Since a qstr can't contain a NUL before the length, why not just use
>memcpy()?
>
>> event->name_len = len;
>> if (len)
>> - strcpy(event->name, name->name);
>> + strscpy(event->name, name->name, event->name_len + 1);

So that the destination is guaranteed to be NUL terminated no matter what's in the source. :) (i.e. try to limit unlikely conditions from expanding.)

--
Kees Cook