On Thu, Mar 28, 2024 at 09:52:59PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > The previous code took special care of NUL-terminating the destination > buffer via a manual assignment. As such, there is no bug in the current > implementation. However, in an effort to rid the kernel of strscpy()
typo: rid kernel of strncpy. :) > [2], Let's instead use strscpy() which guarantees this behavior [3]. To > ensure we can copy the same number of bytes as before, add 1 to the > length argument provided to strscpy(). > > Link: > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > [1] > Link: https://github.com/KSPP/linux/issues/90 [2] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html > [3] > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinst...@google.com> > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > fs/squashfs/namei.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c > index 11e4539b9eae..6c4704ba8f42 100644 > --- a/fs/squashfs/namei.c > +++ b/fs/squashfs/namei.c > @@ -80,8 +80,7 @@ static int get_dir_index_using_name(struct super_block *sb, > } > > str = &index->name[SQUASHFS_NAME_LEN + 1]; > - strncpy(str, name, len); > - str[len] = '\0'; > + strscpy(str, name, len + 1); Otherwise, yeah, looks right. Reviewed-by: Kees Cook <keesc...@chromium.org> -Kees > > for (i = 0; i < i_count; i++) { > err = squashfs_read_metadata(sb, index, &index_start, > > --- > base-commit: 928a87efa42302a23bb9554be081a28058495f22 > change-id: 20240328-strncpy-fs-squashfs-namei-c-9d01b8975e53 > > Best regards, > -- > Justin Stitt <justinst...@google.com> > > -- Kees Cook
