Message ID | 202301091937558399800@zte.com.cn |
---|---|
State | New |
Headers | From: <yang.yang29@zte.com.cn>; To: <phillip@squashfs.org.uk>; Cc: <linux-kernel@vger.kernel.org>, <xu.panda@zte.com.cn>, <yang.yang29@zte.com.cn>; Date: Mon, 9 Jan 2023 19:37:55 +0800 (CST); Subject: [PATCH linux-next] Squashfs: use strscpy() to instead of strncpy() |
Series | [linux-next] Squashfs: use strscpy() to instead of strncpy() |
Commit Message
Yang Yang
Jan. 9, 2023, 11:37 a.m. UTC
From: Xu Panda <xu.panda@zte.com.cn>

The implementation of strscpy() is more robust and safer.
That's now the recommended way to copy NUL-terminated strings.

Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
---
 fs/squashfs/namei.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
Comments
On 09/01/2023 11:37, yang.yang29@zte.com.cn wrote: 
> From: Xu Panda <xu.panda@zte.com.cn>
>
> The implementation of strscpy() is more robust and safer.
> That's now the recommended way to copy NUL-terminated strings.
>

NACK.

I have spent quite some time reviewing this patch, and the reasons are below.

The source name (from the dentry) is passed as pointer and length, and the code should not assume it is NUL terminated.

Strscpy() will always access len + 1 bytes from the source string, to check for the NUL terminator and return either the number of characters copied or -E2BIG if no NUL terminator was found at name[len].

This means Strscpy() will perform an out of bounds access on the source string if it is not NUL terminated. This is incorrect in itself, and there are no guarantees it won't fail, for example it might cross a page boundary and the next page may not be mapped.

The current code is actually a lot safer because it does not assume the string is NUL terminated.

See the LWN article "strscpy() and the hazards of improved interfaces" for a discussion of the dangers of conversion patches.

https://lwn.net/Articles/659214/

In particular a quote from Linus Torvalds.

"So why did I waffle about this for so long? Every time we introduce a new-and-improved interface, people start doing these interminable series of trivial conversion patches. And every time that happens, somebody does some silly mistake, and the conversion patch to the improved interface actually makes things worse. Because the patch is mindnumbing and trivial, nobody has the attention span to look at it carefully, and it's usually done over large swatches of source code which means that not every conversion gets tested."

and to quote from the article itself

"It is there to be used with new code, but existing code should not be converted without some compelling reason to do so — or without a high level of attention to the possible implications of the change."

Which is why I'm wary of these apparently trivial changes, and I have spent quite some time reviewing this patch.

Phillip

> Signed-off-by: Xu Panda <xu.panda@zte.com.cn> > Signed-off-by: Yang Yang <yang.yang29@zte.com.cn> > --- > fs/squashfs/namei.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c > index 11e4539b9eae..6c4704ba8f42 100644 > --- a/fs/squashfs/namei.c > +++ b/fs/squashfs/namei.c > @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, > } > > str = &index->name[SQUASHFS_NAME_LEN + 1]; > - strncpy(str, name, len); > - str[len] = '\0'; > + strscpy(str, name, len + 1); > > for (i = 0; i < i_count; i++) { > err = squashfs_read_metadata(sb, index, &index_start,
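
The source-read behaviour described in the reply above, as an added example (not code from this thread or from the kernel): a user-space, byte-at-a-time model of both copy patterns that records how many source bytes each one reads. `read_src`, `model_strscpy`, `model_strncpy_term` and the sample buffer are hypothetical names, and the byte after the name is kept inside the array so the model itself never reads out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_E2BIG 7   /* stand-in for the kernel's E2BIG */
#define NAME_LEN 5
/* Constructed sample: a 5-byte name, then one byte that is not part of it. */
static const char backing[NAME_LEN + 1] = { 'h', 'e', 'l', 'l', 'o', 'X' };
static size_t src_reach;   /* number of source bytes the copy looked at */

static char read_src(const char *src, size_t i)
{
    if (i + 1 > src_reach)
        src_reach = i + 1;
    return src[i];
}

/* Byte-at-a-time model of strscpy() semantics (assumption: not kernel code). */
static long model_strscpy(char *dst, const char *src, size_t count)
{
    size_t res = 0;
    if (count == 0)
        return -MODEL_E2BIG;
    for (; count; count--, res++) {
        dst[res] = read_src(src, res);
        if (!dst[res])
            return (long)res;
    }
    dst[res - 1] = '\0';   /* no NUL within count bytes: truncate */
    return -MODEL_E2BIG;
}

/* The removed pattern: strncpy(dst, src, len) followed by dst[len] = '\0'. */
static void model_strncpy_term(char *dst, const char *src, size_t len)
{
    size_t i = 0;
    while (i < len && (dst[i] = read_src(src, i)) != '\0')
        i++;
    while (i < len)
        dst[i++] = '\0';   /* strncpy pads the remainder with NULs */
    dst[len] = '\0';
}

static size_t reach_old(char *dst)
{ src_reach = 0; model_strncpy_term(dst, backing, NAME_LEN); return src_reach; }
static size_t reach_new(char *dst, long *ret)
{ src_reach = 0; *ret = model_strscpy(dst, backing, NAME_LEN + 1); return src_reach; }

int main(void)
{
    char d[NAME_LEN + 1]; long r; size_t o = reach_old(d), n = reach_new(d, &r);
    printf("old reads %zu bytes, new reads %zu bytes (ret %ld)\n", o, n, r);
    return 0;
}
```

In the model both patterns leave the same bytes in the destination; the difference is the one extra source byte the strscpy() form has to inspect.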
diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c index 11e4539b9eae..6c4704ba8f42 100644 --- a/fs/squashfs/namei.c +++ b/fs/squashfs/namei.c @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, } str = &index->name[SQUASHFS_NAME_LEN + 1]; - strncpy(str, name, len); - str[len] = '\0'; + strscpy(str, name, len + 1); for (i = 0; i < i_count; i++) { err = squashfs_read_metadata(sb, index, &index_start,
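
Review bot: At `+ strscpy(str, name, len + 1);` the copy now depends on `name[len]` being readable and NUL, which the removed lines did not require: `strncpy(str, name, len); str[len] = '\0';` reads at most `len` bytes of `name` and terminates the destination itself, while `strscpy()` with a size of `len + 1` also inspects `name[len]` when looking for the terminator. Nothing in the visible context shows that `name` is NUL-terminated, so the commit message should state why that holds, or the hunk should keep an explicit length-bounded copy such as `memcpy(str, name, len); str[len] = '\0';`. The return value of `strscpy()` is also discarded, so a -E2BIG truncation result would go unnoticed.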