tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

replace strncpy with strscpy_pad

The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes.
Link: https://github.com/KSPP/linux/issues/90

In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.

Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Link: https://patch.msgid.link/20250521161036.14489-1-goralbaris@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

authored by

Baris Can Goral and committed by
Paolo Abeni 5bccdc51 f5b60d6a

+2 -4
+2 -4
net/rds/connection.c
··· 749 749 cinfo->laddr = conn->c_laddr.s6_addr32[3]; 750 750 cinfo->faddr = conn->c_faddr.s6_addr32[3]; 751 751 cinfo->tos = conn->c_tos; 752 - strncpy(cinfo->transport, conn->c_trans->t_name, 753 - sizeof(cinfo->transport)); 752 + strscpy_pad(cinfo->transport, conn->c_trans->t_name); 754 753 cinfo->flags = 0; 755 754 756 755 rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags), ··· 774 775 cinfo6->next_rx_seq = cp->cp_next_rx_seq; 775 776 cinfo6->laddr = conn->c_laddr; 776 777 cinfo6->faddr = conn->c_faddr; 777 - strncpy(cinfo6->transport, conn->c_trans->t_name, 778 - sizeof(cinfo6->transport)); 778 + strscpy_pad(cinfo6->transport, conn->c_trans->t_name); 779 779 cinfo6->flags = 0; 780 780 781 781 rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),