tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernfs: Convert kernfs_walk_ns() from strlcpy() to strscpy()

strlcpy() reads the entire source buffer first. This read may exceed
the destination size limit. This is both inefficient and can lead
to linear read overflows if a source string is not NUL-terminated[1].
Additionally, it returns the size of the source string, not the
resulting size of the destination string. In an effort to remove strlcpy()
completely[2], replace strlcpy() here with strscpy().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1]
Link: https://github.com/KSPP/linux/issues/89 [2]
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20231116192127.1558276-1-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20231212211741.164376-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Kees Cook and committed by
Greg Kroah-Hartman 792e0476 2678fd2f

+3 -3
+3 -3
fs/kernfs/dir.c
··· 862 862 const unsigned char *path, 863 863 const void *ns) 864 864 { 865 - size_t len; 865 + ssize_t len; 866 866 char *p, *name; 867 867 868 868 lockdep_assert_held_read(&kernfs_root(parent)->kernfs_rwsem); 869 869 870 870 spin_lock_irq(&kernfs_pr_cont_lock); 871 871 872 - len = strlcpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf)); 872 + len = strscpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf)); 873 873 874 - if (len >= sizeof(kernfs_pr_cont_buf)) { 874 + if (len < 0) { 875 875 spin_unlock_irq(&kernfs_pr_cont_lock); 876 876 return NULL; 877 877 }