| Message ID | 20230914-strncpy-drivers-hid-hid-prodikeys-c-v1-1-10c00550f2c2@google.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | abe6db6c43fa59c4755f210e92d6fbe97a0ad1aa |
| Headers | show |
| Series | HID: prodikeys: refactor deprecated strncpy | expand |
On Thu, Sep 14, 2023 at 10:20:55PM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > We should prefer more robust and less ambiguous string interfaces. > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer without unnecessarily NUL-padding. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: for some reason if NUL-padding is needed let's opt for `strscpy_pad()` > --- > drivers/hid/hid-prodikeys.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/hid/hid-prodikeys.c b/drivers/hid/hid-prodikeys.c > index e4e9471d0f1e..c16d2ba6ea16 100644 > --- a/drivers/hid/hid-prodikeys.c > +++ b/drivers/hid/hid-prodikeys.c > @@ -639,9 +639,9 @@ static int pcmidi_snd_initialise(struct pcmidi_snd *pm) > goto fail; > } > > - strncpy(card->driver, shortname, sizeof(card->driver)); > - strncpy(card->shortname, shortname, sizeof(card->shortname)); > - strncpy(card->longname, longname, sizeof(card->longname)); > + strscpy(card->driver, shortname, sizeof(card->driver)); > + strscpy(card->shortname, shortname, sizeof(card->shortname)); > + strscpy(card->longname, longname, sizeof(card->longname)); "card" is already kzalloc()ed so no _pad() is needed, good. > > /* Set up rawmidi */ > err = snd_rawmidi_new(card, card->shortname, 0, > @@ -652,7 +652,7 @@ static int pcmidi_snd_initialise(struct pcmidi_snd *pm) > goto fail; > } > pm->rwmidi = rwmidi; > - strncpy(rwmidi->name, card->shortname, sizeof(rwmidi->name)); > + strscpy(rwmidi->name, card->shortname, sizeof(rwmidi->name)); > rwmidi->info_flags = SNDRV_RAWMIDI_INFO_INPUT; > rwmidi->private_data = pm; Same here. Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > > > --- > base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec > change-id: 20230914-strncpy-drivers-hid-hid-prodikeys-c-cf42614a21d4 > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
On Thu, 14 Sep 2023 22:20:55 +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > We should prefer more robust and less ambiguous string interfaces. > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer without unnecessarily NUL-padding. > > [...] Applied to for-next/hardening, thanks! [1/1] HID: prodikeys: refactor deprecated strncpy https://git.kernel.org/kees/c/31a602bd2f48 Take care,
diff --git a/drivers/hid/hid-prodikeys.c b/drivers/hid/hid-prodikeys.c index e4e9471d0f1e..c16d2ba6ea16 100644 --- a/drivers/hid/hid-prodikeys.c +++ b/drivers/hid/hid-prodikeys.c @@ -639,9 +639,9 @@ static int pcmidi_snd_initialise(struct pcmidi_snd *pm) goto fail; } - strncpy(card->driver, shortname, sizeof(card->driver)); - strncpy(card->shortname, shortname, sizeof(card->shortname)); - strncpy(card->longname, longname, sizeof(card->longname)); + strscpy(card->driver, shortname, sizeof(card->driver)); + strscpy(card->shortname, shortname, sizeof(card->shortname)); + strscpy(card->longname, longname, sizeof(card->longname)); /* Set up rawmidi */ err = snd_rawmidi_new(card, card->shortname, 0, @@ -652,7 +652,7 @@ static int pcmidi_snd_initialise(struct pcmidi_snd *pm) goto fail; } pm->rwmidi = rwmidi; - strncpy(rwmidi->name, card->shortname, sizeof(rwmidi->name)); + strscpy(rwmidi->name, card->shortname, sizeof(rwmidi->name)); rwmidi->info_flags = SNDRV_RAWMIDI_INFO_INPUT; rwmidi->private_data = pm;
`strncpy` is deprecated for use on NUL-terminated destination strings [1]. We should prefer more robust and less ambiguous string interfaces. A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Note: for some reason if NUL-padding is needed let's opt for `strscpy_pad()` --- drivers/hid/hid-prodikeys.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec change-id: 20230914-strncpy-drivers-hid-hid-prodikeys-c-cf42614a21d4 Best regards, -- Justin Stitt <justinstitt@google.com>