On Thu, Oct 19, 2023 at 05:44:59PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Moreover, since this seems to cross the file boundary let's NUL-pad to > ensure no behavior change. > > strscpy_pad() covers both the NUL-termination and NUL-padding, let's use > it. > > Link: > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: [email protected] > Signed-off-by: Justin Stitt <[email protected]>
Thanks for the respin! Reviewed-by: Kees Cook <[email protected]> -- Kees Cook
