diff mbox series

scsi: fcoe: replace deprecated strncpy with strscpy

Message ID 20231024-strncpy-drivers-scsi-fcoe-fcoe_sysfs-c-v1-1-1e0026ee032d@google.com (mailing list archive)
State Changes Requested
Headers show
Series scsi: fcoe: replace deprecated strncpy with strscpy | expand

Commit Message

Justin Stitt Oct. 24, 2023, 7:52 p.m. UTC 
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.

We expect `mode` to be NUL-terminated based on its usage with
strcasecmp():

|       ctlr->mode = fcoe_parse_mode(mode);
...
|       static enum fip_conn_type fcoe_parse_mode(const char *buf)
|       {
|       	int i;
|
|       	for (i = 0; i < ARRAY_SIZE(fip_conn_type_names); i++) {
|       		if (strcasecmp(buf, fip_conn_type_names[i]) == 0)
|       			return i;
|       	}
|
|       	return FIP_CONN_TYPE_UNKNOWN;
|       }

Considering the above, a suitable replacement is `strscpy` [2] due to
the fact that it guarantees NUL-termination on the destination buffer
without unnecessarily NUL-padding.

We can drop the manual NUL-byte assignment but should keep the newline
removal so newlines don't creep into the string.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Note: build-tested only.

Found with: $ rg "strncpy\("
---
 drivers/scsi/fcoe/fcoe_sysfs.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)


---
base-commit: d88520ad73b79e71e3ddf08de335b8520ae41c5c
change-id: 20231024-strncpy-drivers-scsi-fcoe-fcoe_sysfs-c-0e1dffe82855

Best regards,
--
Justin Stitt <justinstitt@google.com>

Comments

Bart Van Assche Oct. 24, 2023, 8:01 p.m. UTC | #1 
On 10/24/23 12:52, Justin Stitt wrote:
> diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
> index e17957f8085c..7a3ca6cd3030 100644
> --- a/drivers/scsi/fcoe/fcoe_sysfs.c
> +++ b/drivers/scsi/fcoe/fcoe_sysfs.c
> @@ -279,12 +279,10 @@ static ssize_t store_ctlr_mode(struct device *dev,
>   	if (count > FCOE_MAX_MODENAME_LEN)
>   		return -EINVAL;
>   
> -	strncpy(mode, buf, count);
> +	strscpy(mode, buf, count);
>   
>   	if (mode[count - 1] == '\n')
>   		mode[count - 1] = '\0';
> -	else
> -		mode[count] = '\0';
>   
>   	switch (ctlr->enabled) {
>   	case FCOE_CTLR_ENABLED:

Please consider to remove the code for copying the sysfs string and to
use sysfs_match_string() instead.

Thanks,

Bart.
Justin Stitt Dec. 11, 2023, 8:08 p.m. UTC | #2 
Hi,

On Tue, Oct 24, 2023 at 1:01 PM Bart Van Assche <bvanassche@acm.org> wrote:
>
> On 10/24/23 12:52, Justin Stitt wrote:
> > diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
> > index e17957f8085c..7a3ca6cd3030 100644
> > --- a/drivers/scsi/fcoe/fcoe_sysfs.c
> > +++ b/drivers/scsi/fcoe/fcoe_sysfs.c
> > @@ -279,12 +279,10 @@ static ssize_t store_ctlr_mode(struct device *dev,
> >       if (count > FCOE_MAX_MODENAME_LEN)
> >               return -EINVAL;
> >
> > -     strncpy(mode, buf, count);
> > +     strscpy(mode, buf, count);
> >
> >       if (mode[count - 1] == '\n')
> >               mode[count - 1] = '\0';
> > -     else
> > -             mode[count] = '\0';
> >
> >       switch (ctlr->enabled) {
> >       case FCOE_CTLR_ENABLED:
>
> Please consider to remove the code for copying the sysfs string and to
> use sysfs_match_string() instead.
>

Sorry, I'm not too familiar with sysfs strings here.

Let me know what you think of this patch [1].

> Thanks,
>
> Bart.
>

[1]: https://lore.kernel.org/r/20231211-strncpy-drivers-scsi-fcoe-fcoe_sysfs-c-v1-1-73b942238396@google.com

Thanks
Justin
Bart Van Assche Dec. 11, 2023, 8:37 p.m. UTC | #3 
On 12/11/23 12:08, Justin Stitt wrote:
> Hi,
> 
> On Tue, Oct 24, 2023 at 1:01 PM Bart Van Assche <bvanassche@acm.org> wrote:
>>
>> On 10/24/23 12:52, Justin Stitt wrote:
>>> diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
>>> index e17957f8085c..7a3ca6cd3030 100644
>>> --- a/drivers/scsi/fcoe/fcoe_sysfs.c
>>> +++ b/drivers/scsi/fcoe/fcoe_sysfs.c
>>> @@ -279,12 +279,10 @@ static ssize_t store_ctlr_mode(struct device *dev,
>>>        if (count > FCOE_MAX_MODENAME_LEN)
>>>                return -EINVAL;
>>>
>>> -     strncpy(mode, buf, count);
>>> +     strscpy(mode, buf, count);
>>>
>>>        if (mode[count - 1] == '\n')
>>>                mode[count - 1] = '\0';
>>> -     else
>>> -             mode[count] = '\0';
>>>
>>>        switch (ctlr->enabled) {
>>>        case FCOE_CTLR_ENABLED:
>>
>> Please consider to remove the code for copying the sysfs string and to
>> use sysfs_match_string() instead.
>>
> 
> Sorry, I'm not too familiar with sysfs strings here.
> 
> Let me know what you think of this patch [1].

I don't use FCoE so I will leave it to an FCoE user to review that patch.

Thanks,

Bart.
diff mbox series

Patch

diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
index e17957f8085c..7a3ca6cd3030 100644
--- a/drivers/scsi/fcoe/fcoe_sysfs.c
+++ b/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -279,12 +279,10 @@  static ssize_t store_ctlr_mode(struct device *dev,
 	if (count > FCOE_MAX_MODENAME_LEN)
 		return -EINVAL;
 
-	strncpy(mode, buf, count);
+	strscpy(mode, buf, count);
 
 	if (mode[count - 1] == '\n')
 		mode[count - 1] = '\0';
-	else
-		mode[count] = '\0';
 
 	switch (ctlr->enabled) {
 	case FCOE_CTLR_ENABLED: