On Thu, Nov 16, 2023 at 11:14 AM Kees Cook <[email protected]> wrote: > > strlcpy() reads the entire source buffer first. This read may exceed > the destination size limit. This is both inefficient and can lead > to linear read overflows if a source string is not NUL-terminated[1]. > Additionally, it returns the size of the source string, not the > resulting size of the destination string. In an effort to remove strlcpy() > completely[2], replace strlcpy() here with strscpy(). > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy > [1] > Link: https://github.com/KSPP/linux/issues/89 [2] > Cc: Sumit Semwal <[email protected]> > Cc: "Christian König" <[email protected]> > Cc: Azeem Shaikh <[email protected]> > Cc: [email protected] > Cc: [email protected] > Cc: [email protected] > Signed-off-by: Kees Cook <[email protected]>
Reviewed-by: T.J. Mercier <[email protected]> strscpy returns -E2BIG when it truncates / force null-terminates which would provide the wrong argument for dynamic_dname, but dma_buf_set_name{_user} makes sure we have a null-terminated string of the appropriate maximum size in dmabuf->name.
