Message ID | 20230921-strncpy-drivers-input-rmi4-rmi_f34-c-v1-1-4aef2e84b8d2@google.com |
---|---|
State | Accepted |
Commit | 96609688ab8a8ec25c4eeced53e88e26cff4fb06 |
Headers | show |
Series | Input: synaptics-rmi4 - replace deprecated strncpy | expand |
On Thu, Sep 21, 2023 at 09:58:11AM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1] > > Let's use memcpy() as the bounds have already been checked and this > decays into a simple byte copy from one buffer to another removing any > ambiguity that strncpy has. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > > Similar to Kees' suggestion here [2] > > [2]: https://lore.kernel.org/all/202309142045.7CBAE940E@keescook/ Agreed. This is best as memcpy. Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > --- > drivers/input/rmi4/rmi_f34.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/input/rmi4/rmi_f34.c b/drivers/input/rmi4/rmi_f34.c > index 0d9a5756e3f5..3b3ac71e53dc 100644 > --- a/drivers/input/rmi4/rmi_f34.c > +++ b/drivers/input/rmi4/rmi_f34.c > @@ -471,7 +471,7 @@ static ssize_t rmi_driver_update_fw_store(struct device *dev, > if (buf[count - 1] == '\0' || buf[count - 1] == '\n') > copy_count -= 1; > > - strncpy(fw_name, buf, copy_count); > + memcpy(fw_name, buf, copy_count); > fw_name[copy_count] = '\0'; > > ret = request_firmware(&fw, fw_name, dev); > > --- > base-commit: 2cf0f715623872823a72e451243bbf555d10d032 > change-id: 20230921-strncpy-drivers-input-rmi4-rmi_f34-c-4a6945316cea > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
On Thu, Sep 21, 2023 at 09:58:11AM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1] > > Let's use memcpy() as the bounds have already been checked and this > decays into a simple byte copy from one buffer to another removing any > ambiguity that strncpy has. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Applied, thank you.
diff --git a/drivers/input/rmi4/rmi_f34.c b/drivers/input/rmi4/rmi_f34.c index 0d9a5756e3f5..3b3ac71e53dc 100644 --- a/drivers/input/rmi4/rmi_f34.c +++ b/drivers/input/rmi4/rmi_f34.c @@ -471,7 +471,7 @@ static ssize_t rmi_driver_update_fw_store(struct device *dev, if (buf[count - 1] == '\0' || buf[count - 1] == '\n') copy_count -= 1; - strncpy(fw_name, buf, copy_count); + memcpy(fw_name, buf, copy_count); fw_name[copy_count] = '\0'; ret = request_firmware(&fw, fw_name, dev);
`strncpy` is deprecated for use on NUL-terminated destination strings [1] Let's use memcpy() as the bounds have already been checked and this decays into a simple byte copy from one buffer to another removing any ambiguity that strncpy has. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Note: build-tested only. Similar to Kees' suggestion here [2] [2]: https://lore.kernel.org/all/202309142045.7CBAE940E@keescook/ --- drivers/input/rmi4/rmi_f34.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: 2cf0f715623872823a72e451243bbf555d10d032 change-id: 20230921-strncpy-drivers-input-rmi4-rmi_f34-c-4a6945316cea Best regards, -- Justin Stitt <justinstitt@google.com>