diff options
| author | Azeem Shaikh <azeemshaikh38@gmail.com> | 2023-05-12 17:57:49 +0200 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2023-05-22 21:34:41 +0200 |
| commit | 8ca25e00cf817b635f4e80d59b6d07686d74eff0 (patch) | |
| tree | e76d69eb0c39ac4a18970023949fe67b863d0367 | |
| parent | dlm: Replace all non-returning strlcpy with strscpy (diff) | |
| download | linux-8ca25e00cf817b635f4e80d59b6d07686d74eff0.tar.xz linux-8ca25e00cf817b635f4e80d59b6d07686d74eff0.zip | |
NFS: Prefer strscpy over strlcpy calls
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
Check for strscpy()'s return value of -E2BIG on truncate for safe
replacement with strlcpy().
This is part of a tree-wide cleanup to remove the strlcpy() function
entirely from the kernel [2].
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230512155749.1356958-1-azeemshaikh38@gmail.com
| -rw-r--r-- | fs/nfs/nfsroot.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/nfsroot.c b/fs/nfs/nfsroot.c index 620329b7e6ae..7600100ba26f 100644 --- a/fs/nfs/nfsroot.c +++ b/fs/nfs/nfsroot.c @@ -164,7 +164,7 @@ __setup("nfsroot=", nfs_root_setup); static int __init root_nfs_copy(char *dest, const char *src, const size_t destlen) { - if (strlcpy(dest, src, destlen) > destlen) + if (strscpy(dest, src, destlen) == -E2BIG) return -1; return 0; } |