From patchwork Thu Nov 16 19:15:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 165929 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9910:0:b0:403:3b70:6f57 with SMTP id i16csp57042vqn; Thu, 16 Nov 2023 11:15:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IHV1iFQImBmqT3JX2YLXnhjVobgPC/pUD6YeQakZLC1EF+M1YV+goZvEaArPlbIWLac32Cd X-Received: by 2002:a05:6a20:1605:b0:187:f22b:8037 with SMTP id l5-20020a056a20160500b00187f22b8037mr1012296pzj.52.1700162121929; Thu, 16 Nov 2023 11:15:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700162121; cv=none; d=google.com; s=arc-20160816; b=q3l4Z38m7XxrumUlkfIRNx0QsjINAEoDCUsRjpi349xwo6ttabxQ6KSnLklPZczCLW +1x0fqERrKSSl185EcxmVpJn7SPb9pvTC8OM0wrQMEJnZAtEiLGHpvgVIAPjALRMoRCu EjKBjWFoEwFt1l3bNGwJtU3/cNEh3RSisr3G1apYRbnOnwNNCJP+zFz5y4kX3wUc7ikL TrwwQxI2Ys9uvidp6NlgfqWpybl82yDdqfgF5YaqLTT/8+St1gR9KUlsOHG5vJQBwkR4 9J5l/CynaHyOXGPVumLlzgZYL6il5dCPkbUMa/xRPpNdaHtQ7T2ozRHl6t8R0gKvFbiH lr8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=itQbu3UftA7q2hw/NFSZTVr92javRTdC5UMmRHbj2Bw=; fh=CH/BDAg4M97jNBWe1wgotwUtTB5bKB2hJ4qaqvgRnhU=; b=mVzPAeD2/VSwMm67gnhzkrqFjyZClGlMtyLXBi5kdhO1P8AK8MGTEWKUYOseIcGB1P cpKgwe2pDPHHFzbqUK5dHlzRfPMTndPbFiLEvZe/8yIyPb2uI1UdKpkRcmNb3I0GOBGi aysF8eyx7pGOIBDRUg+TzkkvTf8eTcDX2X1KFCY+FTucgAdvGOPuqq8vYJCt3VV/gGlJ pkO8A/HLL0qCBsKpom8XXq2xYAN6z736RGV+0FSURooZv16zjB29M/ZVWLNXk099Ko/5 R+10P6i//Bv1xG1OMJhszrekpWo5IAfF8tsGqlJvA7D12z5iQogiCwgd8pZyz7GjZMNE iH2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=BCjOs9c6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id l9-20020a170903120900b001cc2a6624e5si43521plh.307.2023.11.16.11.15.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 11:15:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=BCjOs9c6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 25F7081DD7FE; Thu, 16 Nov 2023 11:15:21 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345396AbjKPTPS (ORCPT + 30 others); Thu, 16 Nov 2023 14:15:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231289AbjKPTPQ (ORCPT ); Thu, 16 Nov 2023 14:15:16 -0500 Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0815CD57 for ; Thu, 16 Nov 2023 11:15:13 -0800 (PST) Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-6c3363a2b93so1123216b3a.3 for ; Thu, 16 Nov 2023 11:15:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1700162112; x=1700766912; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=itQbu3UftA7q2hw/NFSZTVr92javRTdC5UMmRHbj2Bw=; b=BCjOs9c6naNNxZanB9m+Z9Jyj8rWbEqdvk17Bt1XcfLKuEFp8bhCNpvLrltkKVX+5B Tffllcez6iqqM7u9PcaxmnNIgEwtozY5ADPhV1MQNPEqbAU+BVzcWYdOHhh9QrIyZR4E JYFX1VrB8QD5l8Et/yBKhLU4+h806cTYOBdZI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700162112; x=1700766912; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=itQbu3UftA7q2hw/NFSZTVr92javRTdC5UMmRHbj2Bw=; b=tAk2pk7vFm44d7iblVpUsWAnIQKhPlwhIs2gpt2ySWYgpU9wSvCbEzUKiIyeHohoOc bUnlLD+u6yAkU1cP1iXnGr3Pu3eogoU5V5AAGHn+DSaI6hojm0BXPf4cvXV4ZN0o+TBl rWMgii/OoQRktyvsfqq/dtWHkNRT+CH6IyjVz5WRjbO7UBcA2IH6dVvQo87Gf2Lbzh2Q 6QHue3JAdJCJrwDrKg7aaO4s1dsxoS+m5/FQNCpuz4WDj9v2HXJ0ZWzXWuvhhWiwAGlx q51xffr6GB/yx3S58UkZ5KghYMmib5a2zfH2eYsG3lxZxOr2RBDFU5rwzHQfd3USh9eT D9ng== X-Gm-Message-State: AOJu0YyrP8Gms8jA4SZKQ1840Zvkx42Br3YHU0+bAt6M92IluPnFm4t5 Kr5z5KWqCcZUUfgBatIDNu+gaw== X-Received: by 2002:a05:6a20:3d8f:b0:187:1c5c:49e4 with SMTP id s15-20020a056a203d8f00b001871c5c49e4mr9407286pzi.46.1700162112330; Thu, 16 Nov 2023 11:15:12 -0800 (PST) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id u7-20020a056a00124700b006b8bb35e313sm78111pfi.103.2023.11.16.11.15.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 11:15:12 -0800 (PST) From: Kees Cook To: Masami Hiramatsu Cc: Kees Cook , Valentin Schneider , "Steven Rostedt (Google)" , Chuck Lever , Geliang Tang , Greg Kroah-Hartman , Christophe JAILLET , Thomas Gleixner , Arnd Bergmann , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] samples: Replace strlcpy() with strscpy() Date: Thu, 16 Nov 2023 11:15:10 -0800 Message-Id: <20231116191510.work.550-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3297; i=keescook@chromium.org; h=from:subject:message-id; bh=8RWyq4KVPGbZtO3osk9HAjbi6tNH2MBW0RVY7xAVSV4=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlVmo+7LLVFxN0AZHfhyD824mNHu4H1YNT5WEHd jCOwpvPjWiJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZVZqPgAKCRCJcvTf3G3A JsMwD/9v8oRd7dP1JrSwAPMk6+Wswvsl7EXZsrd0/8AuGTD61idVFJ5KK8HyRX5hYiHBZnxo7As r6s7O1gn9jeyLRGyTfAsJgYpu1E/XxQobeTONUepIrI4s1dywUx2hoUUyP9Ml8Op5KxUTi0RPS9 MGNT1NdfG4ALEnF9PRQar9EJ1oIE0MAvhkYb9VF536or88XpQWrDqnCDrdcZjVy3/wk1njAhYwg COO3z6PA0qnajm9+JBuCETaFmkQ/Zoi/0ixw21J8gh6u7sjr39cO5x0YNpKFpQebfzw33VQi6qw KVxqTC/xrJF/ZjVXTBu5xSpsQaxj7bv8GtKf9mzOU0K8fTURElEVbYxuvSjdwcasE2k8zSAg1Us 6/X7QiYpsA2c3tR0eKs89X8PabH2lQjB13ieFi89p33YReO3PyohOGakL7CsJy/4xxbC/dchZV0 7GjybpjDuzWkHP/0nNTH45WdYYsJ3YUUb8WWbMq/2TCr89yoExGFlMbPCCiPwbpe+uYFOhV524o AvUPhxWBVNK7Y6D2HUDICv7tyAwM4mceRYIJq/L0COQDTqNmGzq8IEOGcJHMfLT/smzsoCwg0Ug ux9FgCI7HS7BknE40dkd2DCfTEqKQmJ439MQnoGoa35x2F+OlFIr8e+cec/DI95Ep2gAUrRl+Kg DtD781K vmCi5Jzg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 16 Nov 2023 11:15:21 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1782749197048084977 X-GMAIL-MSGID: 1782749197048084977 strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated[1]. Additionally, it returns the size of the source string, not the resulting size of the destination string. In an effort to remove strlcpy() completely[2], replace strlcpy() here with strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1] Link: https://github.com/KSPP/linux/issues/89 [2] Cc: Masami Hiramatsu Cc: Valentin Schneider Cc: "Steven Rostedt (Google)" Cc: Chuck Lever Cc: Geliang Tang Cc: Greg Kroah-Hartman Cc: Christophe JAILLET Cc: Thomas Gleixner Cc: Arnd Bergmann Signed-off-by: Kees Cook Acked-by: Steven Rostedt (Google) --- samples/trace_events/trace-events-sample.h | 2 +- samples/v4l/v4l2-pci-skeleton.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/samples/trace_events/trace-events-sample.h b/samples/trace_events/trace-events-sample.h index 1c6b843b8c4e..23f923ccd529 100644 --- a/samples/trace_events/trace-events-sample.h +++ b/samples/trace_events/trace-events-sample.h @@ -305,7 +305,7 @@ TRACE_EVENT(foo_bar, ), TP_fast_assign( - strlcpy(__entry->foo, foo, 10); + strscpy(__entry->foo, foo, 10); __entry->bar = bar; memcpy(__get_dynamic_array(list), lst, __length_of(lst) * sizeof(int)); diff --git a/samples/v4l/v4l2-pci-skeleton.c b/samples/v4l/v4l2-pci-skeleton.c index a61f94db18d9..69ef788d9e3b 100644 --- a/samples/v4l/v4l2-pci-skeleton.c +++ b/samples/v4l/v4l2-pci-skeleton.c @@ -291,8 +291,8 @@ static int skeleton_querycap(struct file *file, void *priv, { struct skeleton *skel = video_drvdata(file); - strlcpy(cap->driver, KBUILD_MODNAME, sizeof(cap->driver)); - strlcpy(cap->card, "V4L2 PCI Skeleton", sizeof(cap->card)); + strscpy(cap->driver, KBUILD_MODNAME, sizeof(cap->driver)); + strscpy(cap->card, "V4L2 PCI Skeleton", sizeof(cap->card)); snprintf(cap->bus_info, sizeof(cap->bus_info), "PCI:%s", pci_name(skel->pdev)); return 0; @@ -597,11 +597,11 @@ static int skeleton_enum_input(struct file *file, void *priv, i->type = V4L2_INPUT_TYPE_CAMERA; if (i->index == 0) { i->std = SKEL_TVNORMS; - strlcpy(i->name, "S-Video", sizeof(i->name)); + strscpy(i->name, "S-Video", sizeof(i->name)); i->capabilities = V4L2_IN_CAP_STD; } else { i->std = 0; - strlcpy(i->name, "HDMI", sizeof(i->name)); + strscpy(i->name, "HDMI", sizeof(i->name)); i->capabilities = V4L2_IN_CAP_DV_TIMINGS; } return 0; @@ -845,7 +845,7 @@ static int skeleton_probe(struct pci_dev *pdev, const struct pci_device_id *ent) /* Initialize the video_device structure */ vdev = &skel->vdev; - strlcpy(vdev->name, KBUILD_MODNAME, sizeof(vdev->name)); + strscpy(vdev->name, KBUILD_MODNAME, sizeof(vdev->name)); /* * There is nothing to clean up, so release is set to an empty release * function. The release callback must be non-NULL.