[PATCH v4 0/3] drivers/soc: Remove all strcpy() uses
Len Baker
len.baker at gmx.com
Sun Aug 8 05:50:09 PDT 2021
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. So use strscpy() or memcpy() as a safe
replacement.
This is a task of the KSPP [1].
Changelog v1 -> v2
- Change the "area_name_size" variable for a shorter name (Geert
Uytterhoeven).
- Add the "Reviewed-by: Geert Uytterhoeven" tag.
- Use the memcpy function instead of strscpy function when the
size of the destination buffer cannot be obtained with "sizeof"
(David Laight, Robin Murphy).
Changelog v2 -> v3
- Remove the "Reviewed-by: Geert Uytterhoeven" tag since the code
has changed after the v1 review (use of memcpy instead of
strscpy).
Changelog v3 -> v4
- Split the changes in 3 commits (Bjorn Andersson).
- Don't break a long line (Bjorn Andersson).
- Reword the commit when used the memcpy function (Bjorn Andersson)
The previous version can be found here [2].
[1] https://github.com/KSPP/linux/issues/88
[2] https://lore.kernel.org/linux-hardening/20210801131958.6144-1-len.baker@gmx.com/
Len Baker (3):
drivers/soc/qcom: Prefer strscpy over strcpy
drivers/soc/renesas: Prefer memcpy over strcpy
drivers/soc/ti: Prefer strscpy over strcpy
drivers/soc/qcom/pdr_interface.c | 12 ++++++------
drivers/soc/renesas/r8a779a0-sysc.c | 6 ++++--
drivers/soc/renesas/rcar-sysc.c | 6 ++++--
drivers/soc/ti/knav_dma.c | 2 +-
4 files changed, 15 insertions(+), 11 deletions(-)
--
2.25.1
More information about the linux-arm-kernel
mailing list