On Sun, Jun 08, 2025 at 03:00:06AM +0530, Brahmajit Das wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > This modification is mainly due to the concerns on > https://github.com/KSPP/linux/issues/336, where it was mentioned that > strncpy_from_user is confusingly named as it does not NUL-pad the > destination, but it does NOT guarantee NUL-termination. > With this approach/patch we can always ensure that the dst buffer is NUL > terminated.
I think we need wholesale fix the kernel's usage of strncpy_from_user()... first, how is it being used? Are things being manually terminated? Are something destinations not actually C Strings? We may want two APIs (like strtomem vs strscpy). And then since we're dealing with user data, I would think padding should be included? -- Kees Cook
