On December 16, 2024 8:12:07 PM PST, Matthew Wilcox <wi...@infradead.org> wrote:
>On Mon, Dec 16, 2024 at 02:45:15PM -0800, Kees Cook wrote:
>> Since we have already allocated "len + 1" space for event->name, make sure
>> that name->name cannot ever accidentally cause a copy overflow by calling
>> strscpy() instead of the unbounded strcpy() routine. This assists in
>> the ongoing efforts to remove the unsafe strcpy() API[1] from the kernel.
>
>Since a qstr can't contain a NUL before the length, why not just use
>memcpy()?
>
>> event->name_len = len;
>> if (len)
>> - strcpy(event->name, name->name);
>> + strscpy(event->name, name->name, event->name_len + 1);
So that the destination is guaranteed to be NUL terminated no matter what's in
the source. :) (i.e. try to limit unlikely conditions from expanding.)
--
Kees Cook
