strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces.
The previous code took special care of NUL-terminating the destination buffer via a manual assignment. As such, there is no bug in the current implementation. However, in an effort to rid the kernel of strscpy() [2], Let's instead use strscpy() which guarantees this behavior [3]. To ensure we can copy the same number of bytes as before, add 1 to the length argument provided to strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 [2] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [3] Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinst...@google.com> --- Note: build-tested only. Found with: $ rg "strncpy\(" --- fs/squashfs/namei.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c index 11e4539b9eae..6c4704ba8f42 100644 --- a/fs/squashfs/namei.c +++ b/fs/squashfs/namei.c @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, } str = &index->name[SQUASHFS_NAME_LEN + 1]; - strncpy(str, name, len); - str[len] = '\0'; + strscpy(str, name, len + 1); for (i = 0; i < i_count; i++) { err = squashfs_read_metadata(sb, index, &index_start, --- base-commit: 928a87efa42302a23bb9554be081a28058495f22 change-id: 20240328-strncpy-fs-squashfs-namei-c-9d01b8975e53 Best regards, -- Justin Stitt <justinst...@google.com>
