On Thu, Oct 12, 2023 at 09:33:32PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We expect both hi.data.modename and hi.data.drivername to be > NUL-terminated but not necessarily NUL-padded which is evident by its > usage with sprintf: > | sprintf(hi.data.modename, "%sclk,%smodem,fclk=%d,bps=%d%s", > | bc->cfg.intclk ? "int" : "ext", > | bc->cfg.extmodem ? "ext" : "int", bc->cfg.fclk, bc->cfg.bps, > | bc->cfg.loopback ? ",loopback" : ""); > > Note that this data is copied out to userspace with: > | if (copy_to_user(data, &hi, sizeof(hi))) > ... however, the data was also copied FROM the user here: > | if (copy_from_user(&hi, data, sizeof(hi)))
Thanks Justin, I see that too. Perhaps I am off the mark here, and perhaps it's out of scope for this patch, but I do think it would be nicer if the kernel only sent intended data to user-space, even if any unintended payload came from user-space. > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Link: > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html > [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: [email protected] > Signed-off-by: Justin Stitt <[email protected]> ...
