Re: [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad()

From: Thorsten Blum
Date: Thu Feb 20 2025 - 02:05:01 EST

Next message: Oliver Sang: "Re: [linux-next:master] [x86] 66fbf67705: kernel-selftests.kvm.hardware_disable_test.fail"
Previous message: Hans Verkuil: "Re: [PATCH v7 4/6] media: platform: synopsys: Add support for HDMI input driver"
In reply to: Kees Cook: "Re: [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad()"
Next in thread: Kees Cook: "Re: [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20. Feb 2025, at 03:57, Kees Cook wrote:
> On Wed, Feb 19, 2025 at 11:47:31PM +0100, Thorsten Blum wrote:
>> strncpy() is deprecated for NUL-terminated destination buffers. Use
>> strscpy_pad() instead and remove the manual NUL-termination.
>
> When doing these conversions, please describe two aspects of
> conversions:
>
> - Why is it safe to be NUL terminated
> - Why is it safe to be/not-be NUL-padded
>
> In this case, the latter needs examination. Looking at how ctr is used,
> it is memcpy()ed later, which means this string MUST be NUL padded or it
> will leak stack memory contents.
>
> So, please use strscpy_pad() here. :)

I am using strscpy_pad() here already because of the NUL-padding.

Did you just miss that?

Thanks,
Thorsten

Next message: Oliver Sang: "Re: [linux-next:master] [x86] 66fbf67705: kernel-selftests.kvm.hardware_disable_test.fail"
Previous message: Hans Verkuil: "Re: [PATCH v7 4/6] media: platform: synopsys: Add support for HDMI input driver"
In reply to: Kees Cook: "Re: [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad()"
Next in thread: Kees Cook: "Re: [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]