Message ID | 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v1-1-bf69ec7d1b97@google.com |
---|---|
State | Superseded |
Headers | show |
Series | wifi: iwlwifi: fw: replace deprecated strncpy with strscpy | expand |
On Tue, Oct 17, 2023 at 09:58:44PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Neither of these symbols seem to be actually used after being assigned. > Which means our replacement doesn't really matter. At any rate, it would > seem NUL-padding is not required so let's use `strscpy` [2] due to the > fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. (but maybe these should be > used or removed). This appears to be crossing the file boundary. I would be more comfortable seeing strscpy_pad() used here just to make sure there is no behavior change at all. -Kees > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > index 3ab6a68f1e9f..5455f8d1aab0 100644 > --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > @@ -880,10 +880,10 @@ iwl_fw_error_dump_file(struct iwl_fw_runtime *fwrt, > cpu_to_le32(fwrt->trans->hw_rev_step); > memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable, > sizeof(dump_info->fw_human_readable)); > - strncpy(dump_info->dev_human_readable, fwrt->trans->name, > - sizeof(dump_info->dev_human_readable) - 1); > - strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name, > - sizeof(dump_info->bus_human_readable) - 1); > + strscpy(dump_info->dev_human_readable, fwrt->trans->name, > + sizeof(dump_info->dev_human_readable)); > + strscpy(dump_info->bus_human_readable, fwrt->dev->bus->name, > + sizeof(dump_info->bus_human_readable)); > dump_info->num_of_lmacs = fwrt->smem_cfg.num_lmacs; > dump_info->lmac_err_id[0] = > cpu_to_le32(fwrt->dump.lmac_err_id[0]); > > --- > base-commit: 58720809f52779dc0f08e53e54b014209d13eebb > change-id: 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-1f49f00b8a2e > > Best regards, > -- > Justin Stitt <justinstitt@google.com> > >
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c index 3ab6a68f1e9f..5455f8d1aab0 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c @@ -880,10 +880,10 @@ iwl_fw_error_dump_file(struct iwl_fw_runtime *fwrt, cpu_to_le32(fwrt->trans->hw_rev_step); memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable, sizeof(dump_info->fw_human_readable)); - strncpy(dump_info->dev_human_readable, fwrt->trans->name, - sizeof(dump_info->dev_human_readable) - 1); - strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name, - sizeof(dump_info->bus_human_readable) - 1); + strscpy(dump_info->dev_human_readable, fwrt->trans->name, + sizeof(dump_info->dev_human_readable)); + strscpy(dump_info->bus_human_readable, fwrt->dev->bus->name, + sizeof(dump_info->bus_human_readable)); dump_info->num_of_lmacs = fwrt->smem_cfg.num_lmacs; dump_info->lmac_err_id[0] = cpu_to_le32(fwrt->dump.lmac_err_id[0]);
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that both dump_info->dev_human_readable and dump_info->bus_human_readable are intended to be NUL-terminated. Neither of these symbols seem to be actually used after being assigned. Which means our replacement doesn't really matter. At any rate, it would seem NUL-padding is not required so let's use `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. (but maybe these should be used or removed). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Note: build-tested only. Found with: $ rg "strncpy\(" --- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- base-commit: 58720809f52779dc0f08e53e54b014209d13eebb change-id: 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-1f49f00b8a2e Best regards, -- Justin Stitt <justinstitt@google.com>