Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect led->name to be NUL-terminated based on the presence of a
> manual NUL-byte assignment.
>
> This NUL-b
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous
> interfaces.
>
> The affected code's purpose is to truncate strings that are too long
> with "..." like:
> foobar -> fo...
>
> The lengt
On 10/17/2023 11:27 PM, Franky Lin wrote:
On Tue, Oct 17, 2023 at 1:11 PM 'Justin Stitt' via
BRCM80211-DEV-LIST,PDL wrote:
Hi,
This series used to be just one patch in [v2] but I've split it into two
separate patches.
The motivation behind this series is that strncpy() is deprecated for
use
Arnd noticed we have a case where a shorter source string is being copied
into a destination byte array, but this results in a strnlen() call that
exceeds the size of the source. This is seen with -Wstringop-overread:
In file included from ../include/linux/uuid.h:11,
from ../inclu
On Mon, 2023-10-09 at 13:52 -0600, Gustavo A. R. Silva wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexi
On Wed, Oct 18, 2023, at 20:07, Kees Cook wrote:
> Arnd noticed we have a case where a shorter source string is being copied
> into a destination byte array, but this results in a strnlen() call that
> exceeds the size of the source. This is seen with -Wstringop-overread:
>
> In file included from
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
Based on other assignments of similar fw_version fields we can see that
NUL-termination is required but not NUL-padding:
ethernet/intel/ixgbe/ixg
alone driver patch the
> correct prefix should be wifi: wl1251:
>
Ah, I see. I fixed it in [v2].
[v2]:
https://lore.kernel.org/r/20231018-strncpy-drivers-net-wireless-ti-wl1251-main-c-v2-1-67b63dfcb...@google.com
Thanks!
Justin
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
wl->chip.phy_fw_ver_str is obviously intended to be NUL-terminated by
the deliberate comment telling us as much. Furthermore, its only use is
dri
Thanks for pointing this out!
I fixed it in [v2].
[v2]:
https://lore.kernel.org/r/20231018-strncpy-drivers-net-wireless-ti-wl18xx-main-c-v2-1-ab828a491...@google.com
Justin
w.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Similar-to:
https://lore.kernel.org/all/20231018-strncpy
info in wiphy struct */
wiphy->hw_version = wl->chip.id;
- strncpy(wiphy->fw_version, wl->chip.fw_ver_str,
+ strscpy(wiphy->fw_version, wl->chip.fw_ver_str,
sizeof(wiphy->fw_version));
/*
---
base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
change-id: 20231018-strncpy-drivers-net-wireless-ti-wlcore-main-c-c0c28a2ffb0f
Best regards,
--
Justin Stitt
rpwwan, chinfo);
if (!rpwwan->ept)
---
base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
change-id: 20231018-strncpy-drivers-net-wwan-rpmsg_wwan_ctrl-c-3f620aafd326
Best regards,
--
Justin Stitt
e));
export_uuid(super->uuid, nd_btt->uuid);
export_uuid(super->parent_uuid, parent_uuid);
super->flags = cpu_to_le32(arena->flags);
---
base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
change-id: 20231018-strncpy-drivers-nvdimm-btt-c-15f93879989e
Best regards,
--
Justin Stitt
signature, BTT_SIG, BTT_SIG_LEN);
> + strscpy(super->signature, BTT_SIG, sizeof(super->signature));
> export_uuid(super->uuid, nd_btt->uuid);
> export_uuid(super->parent_uuid, parent_uuid);
> super->flags = cpu_to_le32(arena->flags);
>
> ---
> base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
> change-id: 20231018-strncpy-drivers-nvdimm-btt-c-15f93879989e
>
> Best regards,
> --
> Justin Stitt
>
[1]: https://lore.kernel.org/all/?q=dfn%3Adrivers%2Fnvdimm%2Fbtt.c
Thanks
Justin
VMF_NQN_SIZE);
+ strscpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
+ strscpy(data->hostnqn, ctrl->opts->host->nqn, NVMF_NQN_SIZE);
return data;
}
---
base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
change-id: 20231018-strncpy-drivers-nvme-host-fabrics-c-416258a22598
Best regards,
--
Justin Stitt
On Thu, Oct 12, 2023 at 09:53:03PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect mdiodev->modalias to be NUL-terminated based on its usage with
ic int btt_arena_write_layout(struct arena_info
> > *arena)
> > if (!super)
> > return -ENOMEM;
> >
> > - strncpy(super->signature, BTT_SIG, BTT_SIG_LEN);
> > + strscpy(super->signature, BTT_SIG, sizeof(super->signature));
> > export_uuid(super->uuid, nd_btt->uuid);
> > export_uuid(super->parent_uuid, parent_uuid);
> > super->flags = cpu_to_le32(arena->flags);
> >
> > ---
> > base-commit: 58720809f52779dc0f08e53e54b014209d13eebb
> > change-id: 20231018-strncpy-drivers-nvdimm-btt-c-15f93879989e
> >
> > Best regards,
> > --
> > Justin Stitt
> >
>
> [1]: https://lore.kernel.org/all/?q=dfn%3Adrivers%2Fnvdimm%2Fbtt.c
>
> Thanks
> Justin
>
On Mon, Oct 16, 2023 at 08:22:45PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces. strcpy() is also deprecated [2] and shouldn't be used.
Since these are read-o
On Tue, Oct 17, 2023 at 08:11:29PM +, Justin Stitt wrote:
> Let's move away from using strncpy and instead use the more obvious
> interface for this context.
>
> For wlc->pub->srom_ccode, we're just copying two bytes from ccode into
> wlc->pub->srom_ccode with no expectation that srom_ccode be
While most of the gcc-plugins are self-contained in the
scripts/gcc-plugins directory, stackleak actually has some additional
files. Add those so changes are directed to the hardening list.
Suggested-by: Mark Rutland
Signed-off-by: Kees Cook
---
MAINTAINERS | 2 ++
1 file changed, 2 insertions(
Hi Kai-Heng,
kernel test robot noticed the following build warnings:
[auto build test WARNING on pci/next]
[also build test WARNING on pci/for-linus linus/master v6.6-rc6 next-20231017]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest t
On Tue, Oct 17, 2023 at 09:48:15PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> `extra` is intended to be NUL-terminated which is evident by the manual
>
On Tue, Oct 17, 2023 at 09:58:44PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that
>
On Wed, Oct 18, 2023 at 09:15:23PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> Based on other assignments of similar fw_version fields we can see that
>
On Wed, Oct 18, 2023 at 04:33:29PM -0700, Alison Schofield wrote:
> On Wed, Oct 18, 2023 at 03:39:59PM -0700, Justin Stitt wrote:
> > I have a feeling I may have botched the subject line for this patch.
> > Can anyone confirm if it's good or not?
> >
> > Automated tooling told me that this was the
On Wed, Oct 18, 2023 at 09:18:24PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> wl->chip.phy_fw_ver_str is obviously intended to be NUL-terminated by
> t
debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Similar-to:
> https://lore.kernel.org/all/20231018-strncpy-drivers-net-wireless-ti-wl18xx-main-c-v2-1-ab828a491...@google.com/
> Signed-off-by: Justin Stitt
Yup, looks good.
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Oct 18, 2023 at 09:50:01PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect fw_version strings to be NUL-terminated based on other similar
On Wed, Oct 18, 2023 at 10:14:55PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect chinfo.name to be NUL-terminated based on its use with format
>
On Wed, Oct 18, 2023 at 10:48:49PM +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
If we want that we need to stop pretendening direct manipulation of
nul-termi
connect_data
> *nvmf_connect_data_prep(struct nvme_ctrl *ctrl,
>
> uuid_copy(&data->hostid, &ctrl->opts->host->id);
> data->cntlid = cpu_to_le16(cntlid);
> - strncpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
> - str
On Thu, Oct 19, 2023 at 07:46:42AM +0200, Christoph Hellwig wrote:
> On Wed, Oct 18, 2023 at 10:48:49PM +, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > interfaces.
>
33 matches
Mail list logo
