> strncpy_from_user() succeeds even if userspace data does not contain a
> nul. Then it reads length bytes.

Yes, but if there is no NUL byte in the user buf, whether you use
strncpy_from_user() or copy_from_user(), you need to manually add
a '\0' in the kernel buf to ensure it is properly NUL-terminated,
like:

        ret = strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1);
        if (ret < 0) {
                ret = -EFAULT;
                break;
        }
        buffer[sizeof(buffer) - 1] = '\0';

So I do not think copy_from_user() + '\0' can be used instead of strncpy_from_user().
I think strncpy_from_user() can only be used without manually appending '\0'
if someone is certain that the user buf contains a NUL byte.

---
Regards,
WANG

> As far as I can tell, when a nul byte is present, none of these kernel
> use-cases use data after the nul byte. So the behavior is identical
> except that copy_from_user_nul() may result in EFAULT if there are
> unmapped bytes between the first nul byte in `src` and `src+len`.
> 
> Alice
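An added user-space model of the two helpers' documented semantics, written for this page and not code from the thread or from the kernel: struct user_buf, the model_* functions and the two case functions are constructed here, with a `mapped` length standing in for how much of the user range is actually readable.

```c
#include <errno.h>
#include <string.h>
/* Constructed "user mapping": only the first `mapped` bytes of `data` are readable. */
struct user_buf { const char *data; size_t mapped; };
/* Model of strncpy_from_user(): copy up to count bytes, stop at the first NUL; returns
 * length (NUL excluded), count if no NUL seen (dst NOT terminated), -EFAULT if unmapped. */
static long model_strncpy_from_user(char *dst, const struct user_buf *src, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (i >= src->mapped)
            return -EFAULT;
        if ((dst[i] = src->data[i]) == '\0')
            return (long)i;
    }
    return (long)count;
}
/* Model of copy_from_user(): reads exactly len bytes; returns bytes NOT copied (fault). */
static size_t model_copy_from_user(char *dst, const struct user_buf *src, size_t len)
{
    size_t n = src->mapped < len ? src->mapped : len;
    memcpy(dst, src->data, n);
    return len - n;
}
/* The pattern from the mail: leave one byte spare and terminate manually. */
static long read_user_string(char *buffer, size_t size, const struct user_buf *arg)
{
    long ret = model_strncpy_from_user(buffer, arg, size - 1);
    if (ret < 0)
        return -EFAULT;
    buffer[size - 1] = '\0';  /* needed when ret == size - 1 (no NUL seen) */
    return ret;
}
/* Constructed case: 8 user bytes, no NUL; 1 if we still get a terminated 7-char string. */
static int case_no_nul(void)
{
    struct user_buf u = { "ABCDEFGH", 8 };  /* the literal's own NUL is "unmapped" */
    char buffer[8];
    return read_user_string(buffer, sizeof buffer, &u) == 7 && strlen(buffer) == 7;
}
/* Constructed case from the quoted reply: "hi\0" with only 3 bytes mapped; 1 if
 * copying all 16 bytes faults while the NUL-aware copy succeeds. */
static int case_short_mapping(void)
{
    struct user_buf u = { "hi", 3 };
    char buffer[16];
    return model_copy_from_user(buffer, &u, sizeof buffer) != 0
           && read_user_string(buffer, sizeof buffer, &u) == 2
           && strcmp(buffer, "hi") == 0;
}
```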
