Re: [PATCH] tracing/boot: Replace strlcpy with strscpy

From: Eric Biggers
Date: Wed Jun 14 2023 - 13:13:38 EST

Next message: Ben Dooks: "[PATCH v8 4/5] pwm: dwc: use clock rate in hz to avoid rounding issues"
Previous message: Jens Axboe: "Re: [PATCH v3] blk-mq: check on cpu id when there is only one ctx mapping"
In reply to: Azeem Shaikh: "Re: [PATCH] tracing/boot: Replace strlcpy with strscpy"
Next in thread: Azeem Shaikh: "Re: [PATCH] tracing/boot: Replace strlcpy with strscpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 14, 2023 at 10:01:57AM -0400, Azeem Shaikh wrote:
> On Tue, Jun 13, 2023 at 3:27 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > On Tue, Jun 13, 2023 at 12:41:25AM +0000, Azeem Shaikh wrote:
> > > strlcpy() reads the entire source buffer first.
> > > This read may exceed the destination size limit.
> > > This is both inefficient and can lead to linear read
> > > overflows if a source string is not NUL-terminated [1].
> > > In an effort to remove strlcpy() completely [2], replace
> > > strlcpy() here with strscpy().
> > >
> > > Direct replacement is safe here since return value of -E2BIG
> > > is used to check for truncation instead of sizeof(dest).
> >
> > This looks technically correct, but I wonder if "< 0" is a better test?
>
> Agreed. "< 0" might more generically represent -errno. Happy to send
> over a v2 if you prefer that instead of sticking with this patch.

Please go with "< 0", since it's easier to read and less error-prone. (It would
be easy to mistype -E2BIG as -EFBIG, or E2BIG, for example...)

- Eric

Next message: Ben Dooks: "[PATCH v8 4/5] pwm: dwc: use clock rate in hz to avoid rounding issues"
Previous message: Jens Axboe: "Re: [PATCH v3] blk-mq: check on cpu id when there is only one ctx mapping"
In reply to: Azeem Shaikh: "Re: [PATCH] tracing/boot: Replace strlcpy with strscpy"
Next in thread: Azeem Shaikh: "Re: [PATCH] tracing/boot: Replace strlcpy with strscpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]