Re: [PATCH] wifi: mwifiex: Replace strlcpy with strscpy

[Kees Cook]

On Thu, Jul 27, 2023 at 07:02:31PM +0300, Kalle Valo wrote:
> Kees Cook <keescook@xxxxxxxxxxxx> writes:
> 
> > On Mon, 10 Jul 2023 03:06:25 +0000, Azeem Shaikh wrote:
> >> strlcpy() reads the entire source buffer first.
> >> This read may exceed the destination size limit.
> >> This is both inefficient and can lead to linear read
> >> overflows if a source string is not NUL-terminated [1].
> >> In an effort to remove strlcpy() completely [2], replace
> >> strlcpy() here with strscpy().
> >> 
> >> [...]
> >
> > Applied, thanks!
> >
> > [1/1] wifi: mwifiex: Replace strlcpy with strscpy
> >       https://git.kernel.org/kees/c/5469fb73e96d
> 
> And the same question here, why are you taking wifi patches without
> acks? And this already fixed differently in wireless-next so our trees
> conflict now:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git/commit/?id=caf9ead2c7d06fd7aa4cb48bd569ad61db9a0b4a

Thanks for pointing that out! I saw no feedback on Azeem's patch, so it
looked like it was being ignored.

For the patch you linked to -- it's okay to have lost the overflow
detection and warning?

Regardless, I will drop this from my tree.

-Kees

-- 
Kees Cook