Re: [PATCH] scsi: elx: sli4: Replace deprecated strncpy() with strscpy()

From: Thorsten Blum
Date: Mon Apr 07 2025 - 15:24:53 EST

Next message: Kees Cook: "Re: [PATCH] usb: ehci-fsl: Fix use of private data to avoid -Wflex-array-member-not-at-end warning"
Previous message: Kees Cook: "Re: [PATCH][next] ext4: Avoid -Wflex-array-member-not-at-end warning"
In reply to: Kees Cook: "Re: [PATCH] scsi: elx: sli4: Replace deprecated strncpy() with strscpy()"
Next in thread: Kees Cook: "Re: [PATCH] scsi: elx: sli4: Replace deprecated strncpy() with strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7. Apr 2025, at 20:28, Kees Cook wrote:
> On Wed, Feb 26, 2025 at 07:55:26PM +0100, Thorsten Blum wrote:
>> strncpy() is deprecated for NUL-terminated destination buffers; use
>> strscpy() instead.
>>
>> Compile-tested only.
>>
>> Link: https://github.com/KSPP/linux/issues/90
>> Cc: linux-hardening@xxxxxxxxxxxxxxx
>> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
>> ---
>
> Standard question for these kinds of conversions: Why is it safe that
> this is not NUL padded? I haven't found where this buffer is being
> zeroed out, but it probably is (given the "- 1" on the length), but
> without run-time testing, this needs much more careful analysis.

I think this was submitted before I started to explain this better.

'wr_obj' is the zeroed out 'buf' returned from sli_config_cmd_init().

I'll update the description and submit a v2.

Thanks,
Thorsten

Next message: Kees Cook: "Re: [PATCH] usb: ehci-fsl: Fix use of private data to avoid -Wflex-array-member-not-at-end warning"
Previous message: Kees Cook: "Re: [PATCH][next] ext4: Avoid -Wflex-array-member-not-at-end warning"
In reply to: Kees Cook: "Re: [PATCH] scsi: elx: sli4: Replace deprecated strncpy() with strscpy()"
Next in thread: Kees Cook: "Re: [PATCH] scsi: elx: sli4: Replace deprecated strncpy() with strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]