diff options
| author | Justin Stitt <justinstitt@google.com> | 2024-04-01 20:01:51 +0000 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2024-04-02 15:23:47 +0200 |
| commit | 94755a00a4e79236d4bfa6dc671a339828fb38ce (patch) | |
| tree | 3be566c9c50adfeb809b5bea8343ad04a507e40e /arch/alpha | |
| parent | 8777446a3f2dd6dab0859e4aedef6e0240955fdb (diff) | |
udf: replace deprecated strncpy/strcpy with strscpy
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces. Also replace an instance of strcpy() which is also
deprecated.
s_volume_ident is a NUL-terminated string which is evident from its
usage in udf_debug:
| udf_debug("volIdent[] = '%s'\n", UDF_SB(sb)->s_volume_ident);
s_volume_ident should also be NUL-padded as it is copied out to
userspace:
| if (copy_to_user((char __user *)arg,
| UDF_SB(inode->i_sb)->s_volume_ident, 32))
| return -EFAULT;
Considering the above, a suitable replacement is `strscpy_pad` [2] due
to the fact that it guarantees both NUL-termination and NUL-padding on
the destination buffer.
To simplify the code, let's use the new 2-argument version of
strscpy_pad() introduced in Commit e6584c3964f2f ("string: Allow
2-argument strscpy()"). Also zero-allocate @outstr so we can safely use
a non-@ret length argument. This is just in case udf_dstrCS0toChar()
doesn't include the NUL-byte in its return length, we won't truncate
@outstr or write garbage bytes either.
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20240401-strncpy-fs-udf-super-c-v1-1-80cddab7a281@google.com>
Diffstat (limited to 'arch/alpha')
0 files changed, 0 insertions, 0 deletions