Re: [PATCH] tty: vt: keyboard: do not copy an extra-byte in copy_to_user

[Pavel Skripkin]

On 11/6/21 22:46, Ajay Garg wrote:
> Actually, on further thoughts, even David's solution will require an
> extra check, if -E2BIG is returned.
>
> So, I guess the solution suggested by me looks the best
> (https://lore.kernel.org/linux-serial/868025b485b94480ad17d0ec971b3ee9@xxxxxxxxxxxxxxxx/T/#m1c4aaa4347b02fd4c11ce611ff5029fcb71c37a1)
> :
>
> 1.
> == Do not use the return value from strlcpy. ==
>
>                  len = strlcpy(kbs, func_table[kb_func] ? : "", len);
> =>
>                  strlcpy(kbs, func_table[kb_func] ? : "", len);
>
>
> 2.
> == Calculate the actual length of kbs, add 1, and then copy those many
> bytes to user-buffer ==
>
> ret = copy_to_user(user_kdgkb->kb_string, kbs, len + 1) ?
>                          -EFAULT : 0;
> =>
> ret = copy_to_user(user_kdgkb->kb_string, kbs, strlen(kbs) + 1) ?
>                          -EFAULT : 0;

But isn't strlen(kbs) is guaranteed to be equal to strlcpy() return 
value in this case? As I said in previous emails,
strlen(func_table[kb_func]) < sizeof(user_kdgkb->kb_string) by design of 
this function.

Do we need extra strlen() call here? Let's see what more experienced 
people think about it :)



With regards,
Pavel Skripkin