| Message ID | 20231207-strncpy-drivers-net-phy-mdio_bus-c-v2-1-fbe941fff345@google.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 1674110c0dd44a6240f03fff9a05fd72917b3f7d |
| Headers | show |
| Series | [v2] net: mdio_bus: replace deprecated strncpy with strscpy | expand |
On Thu, Dec 07, 2023 at 09:57:50PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We expect mdiodev->modalias to be NUL-terminated based on its usage with > strcmp(): > | return strcmp(mdiodev->modalias, drv->name) == 0; > > Moreover, mdiodev->modalias is already zero-allocated: > | mdiodev = kzalloc(sizeof(*mdiodev), GFP_KERNEL); > ... which means the NUL-padding strncpy provides is not necessary. > > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Yeah, the subject is distinct now. :) Reviewed-by: Kees Cook <keescook@chromium.org>
Hello: This patch was applied to netdev/net-next.git (main) by David S. Miller <davem@davemloft.net>: On Thu, 07 Dec 2023 21:57:50 +0000 you wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We expect mdiodev->modalias to be NUL-terminated based on its usage with > strcmp(): > | return strcmp(mdiodev->modalias, drv->name) == 0; > > [...] Here is the summary with links: - [v2] net: mdio_bus: replace deprecated strncpy with strscpy https://git.kernel.org/netdev/net-next/c/1674110c0dd4 You are awesome, thank you!
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c index 25dcaa49ab8b..6cf73c15635b 100644 --- a/drivers/net/phy/mdio_bus.c +++ b/drivers/net/phy/mdio_bus.c @@ -506,7 +506,7 @@ static int mdiobus_create_device(struct mii_bus *bus, if (IS_ERR(mdiodev)) return -ENODEV; - strncpy(mdiodev->modalias, bi->modalias, + strscpy(mdiodev->modalias, bi->modalias, sizeof(mdiodev->modalias)); mdiodev->bus_match = mdio_device_bus_match; mdiodev->dev.platform_data = (void *)bi->platform_data;
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. We expect mdiodev->modalias to be NUL-terminated based on its usage with strcmp(): | return strcmp(mdiodev->modalias, drv->name) == 0; Moreover, mdiodev->modalias is already zero-allocated: | mdiodev = kzalloc(sizeof(*mdiodev), GFP_KERNEL); ... which means the NUL-padding strncpy provides is not necessary. Considering the above, a suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Changes in v2: - rename subject line as it was the same as another and was causing problems. - rebased onto mainline bee0e7762ad2c602 - Link to v1 (lore): https://lore.kernel.org/r/20231012-strncpy-drivers-net-phy-mdio_bus-c-v1-1-15242e6f9ec4@google.com - Link to v1 (patchwork): https://patchwork.kernel.org/project/netdevbpf/patch/20231012-strncpy-drivers-net-phy-mdio_bus-c-v1-1-15242e6f9ec4@google.com/ - Link to collided: https://patchwork.kernel.org/project/netdevbpf/patch/20231012-strncpy-drivers-net-mdio-mdio-gpio-c-v1-1-ab9b06cfcdab@google.com/ --- Note: build-tested only. Found with: $ rg "strncpy\(" --- drivers/net/phy/mdio_bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: bee0e7762ad2c6025b9f5245c040fcc36ef2bde8 change-id: 20231012-strncpy-drivers-net-phy-mdio_bus-c-0a0d5e875712 Best regards, -- Justin Stitt <justinstitt@google.com>