[PATCH] kobject: Replace strlcpy with strscpy

From: Azeem Shaikh
Date: Mon Jul 03 2023 - 14:05:44 EST

Next message: Bart Van Assche: "Re: [PATCH RFC 0/7] blk-mq: improve tag fair sharing"
Previous message: syzbot: "[syzbot] [btrfs?] kernel BUG in merge_reloc_roots"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().

Direct replacement is safe here since return value of -errno
is used to check for truncation instead of sizeof(dest).

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@xxxxxxxxx>
---
lib/kobject_uevent.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index 7c44b7ae4c5c..e5497fa0a2d2 100644
--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -254,8 +254,8 @@ static int init_uevent_argv(struct kobj_uevent_env *env, const char *subsystem)
int buffer_size = sizeof(env->buf) - env->buflen;
int len;

- len = strlcpy(&env->buf[env->buflen], subsystem, buffer_size);
- if (len >= buffer_size) {
+ len = strscpy(&env->buf[env->buflen], subsystem, buffer_size);
+ if (len < 0) {
pr_warn("init_uevent_argv: buffer size of %d too small, needed %d\n",
buffer_size, len);
return -ENOMEM;
--
2.41.0.255.g8b1d071c50-goog

Next message: Bart Van Assche: "Re: [PATCH RFC 0/7] blk-mq: improve tag fair sharing"
Previous message: syzbot: "[syzbot] [btrfs?] kernel BUG in merge_reloc_roots"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]