| Message ID | 20230523021451.2406362-1-azeemshaikh38@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | leds: Replace all non-returning strlcpy with strscpy | expand |
On Tue, May 23, 2023 at 02:14:51AM +0000, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org>
On Tue, 23 May 2023, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [2] https://github.com/KSPP/linux/issues/89 > > Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> > --- > drivers/leds/flash/leds-aat1290.c | 2 +- > drivers/leds/led-class.c | 2 +- > drivers/leds/leds-spi-byte.c | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) Applied, thanks
diff --git a/drivers/leds/flash/leds-aat1290.c b/drivers/leds/flash/leds-aat1290.c index 589484b22c79..f12ecb2c6580 100644 --- a/drivers/leds/flash/leds-aat1290.c +++ b/drivers/leds/flash/leds-aat1290.c @@ -425,7 +425,7 @@ static void aat1290_init_v4l2_flash_config(struct aat1290_led *led, struct led_classdev *led_cdev = &led->fled_cdev.led_cdev; struct led_flash_setting *s; - strlcpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, + strscpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, sizeof(v4l2_sd_cfg->dev_name)); s = &v4l2_sd_cfg->intensity; diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c index 9255bc11f99d..6dae56b914fe 100644 --- a/drivers/leds/led-class.c +++ b/drivers/leds/led-class.c @@ -409,7 +409,7 @@ static int led_classdev_next_name(const char *init_name, char *name, int ret = 0; struct device *dev; - strlcpy(name, init_name, len); + strscpy(name, init_name, len); while ((ret < len) && (dev = class_find_device_by_name(leds_class, name))) { diff --git a/drivers/leds/leds-spi-byte.c b/drivers/leds/leds-spi-byte.c index 2bc5c99daf51..2c7ffc3c78e6 100644 --- a/drivers/leds/leds-spi-byte.c +++ b/drivers/leds/leds-spi-byte.c @@ -98,7 +98,7 @@ static int spi_byte_probe(struct spi_device *spi) return -ENOMEM; of_property_read_string(child, "label", &name); - strlcpy(led->name, name, sizeof(led->name)); + strscpy(led->name, name, sizeof(led->name)); led->spi = spi; mutex_init(&led->mutex); led->cdef = device_get_match_data(dev);
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> --- drivers/leds/flash/leds-aat1290.c | 2 +- drivers/leds/led-class.c | 2 +- drivers/leds/leds-spi-byte.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)