On Fri, Dec 01, 2023 at 03:27:26PM +0900, Masami Hiramatsu wrote: > On Thu, 30 Nov 2023 12:56:08 -0800 > Kees Cook <keesc...@chromium.org> wrote: > > > strlcpy() reads the entire source buffer first. This read may exceed > > the destination size limit. This is both inefficient and can lead > > to linear read overflows if a source string is not NUL-terminated[1]. > > Additionally, it returns the size of the source string, not the > > resulting size of the destination string. In an effort to remove strlcpy() > > completely[2], replace strlcpy() here with strscpy(). > > > > The negative return value is already handled by this code so no new > > handling is needed here. > > > > Link: > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1] > > Link: https://github.com/KSPP/linux/issues/89 [2] > > Cc: Steven Rostedt <rost...@goodmis.org> > > Cc: Masami Hiramatsu <mhira...@kernel.org> > > Cc: linux-trace-ker...@vger.kernel.org > > Signed-off-by: Kees Cook <keesc...@chromium.org> > > Hi Kees, > > As same as sample's change, should I ask you to pick this to your tree? > Since it is a kind of a part of series patch. I'm OK for it since this > does not change the code so much. > > In that case, please feel free to add my Ack. > > Acked-by: Masami Hiramatsu (Google) <mhira...@kernel.org>
Either way is fine, but I can take it since I've got a few others already too. :) Thanks! -Kees -- Kees Cook
