| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Oct 2023 14:22:12 -0700 From: Jesse Brandeburg <jesse.brandeburg@...el.com> To: Justin Stitt <justinstitt@...gle.com>, Tony Nguyen <anthony.l.nguyen@...el.com>, "David S. Miller" <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> CC: <intel-wired-lan@...ts.osuosl.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH] igc: replace deprecated strncpy with strscpy On 10/10/2023 2:15 PM, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > We expect netdev->name to be NUL-terminated based on its use with format > strings: > | if (q_vector->rx.ring && q_vector->tx.ring) > | sprintf(q_vector->name, "%s-TxRx-%u", netdev->name, > > Furthermore, we do not need NUL-padding as netdev is already > zero-allocated: > | netdev = alloc_etherdev_mq(sizeof(struct igc_adapter), > | IGC_MAX_TX_QUEUES); > ... > alloc_etherdev() -> alloc_etherdev_mq() -> alloc_etherdev_mqs() -> > alloc_netdev_mqs() ... > | p = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL); > > Considering the above, a suitable replacement is `strscpy` [2] due to > the fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. > > Let's also opt for the more idiomatic strscpy usage of (dest, src, > sizeof(dest)) instead of (dest, src, SOME_LEN). > Please see my comments on the igbvf patch.
Powered by blists - more mailing lists