[PATCH] drivers/soc: Remove all strcpy() uses in favor of strscpy()

Robin Murphy robin.murphy at arm.com
Wed Jul 28 02:36:09 PDT 2021 

On 2021-07-28 09:36, David Laight wrote:
> From: Geert Uytterhoeven
>> Sent: 26 July 2021 09:03
>>
>> Hi Len,
>>
>> On Sun, Jul 25, 2021 at 5:15 PM Len Baker <len.baker at gmx.com> wrote:
>>> strcpy() performs no bounds checking on the destination buffer. This
>>> could result in linear overflows beyond the end of the buffer, leading
>>> to all kinds of misbehaviors. The safe replacement is strscpy().
>>>
>>> Signed-off-by: Len Baker <len.baker at gmx.com>
>>
>> Thanks for your patch!
>>
>>> ---
>>> This is a task of the KSPP [1]
>>>
>>> [1] https://github.com/KSPP/linux/issues/88
>>
>> Any chance the almost one year old question in that ticket can be
>> answered?
>>
>>>   drivers/soc/renesas/rcar-sysc.c     |  6 ++++--
>>
>> Reviewed-by: Geert Uytterhoeven <geert+renesas at glider.be>
>>
>> But please see my comments below...
>>
>>> --- a/drivers/soc/renesas/r8a779a0-sysc.c
>>> +++ b/drivers/soc/renesas/r8a779a0-sysc.c
>>> @@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void)
>>>          for (i = 0; i < info->num_areas; i++) {
>>>                  const struct r8a779a0_sysc_area *area = &info->areas[i];
>>>                  struct r8a779a0_sysc_pd *pd;
>>> +               size_t area_name_size;
>>
>> I wouldn't mind a shorter name, like "n".
>>
>>>
>>>                  if (!area->name) {
>>>                          /* Skip NULLified area */
>>>                          continue;
>>>                  }
>>>
>>> -               pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
>>> +               area_name_size = strlen(area->name) + 1;
>>> +               pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL);
>>>                  if (!pd) {
>>>                          error = -ENOMEM;
>>>                          goto out_put;
>>>                  }
>>>
>>> -               strcpy(pd->name, area->name);
>>> +               strscpy(pd->name, area->name, area_name_size);
> 
> You can just use memcpy().

Indeed. In fact I'd go as far as saying that it might be worth teaching 
static checkers to recognise patterns that boil down to strscpy(dst, 
src, strlen(src) + 1) and flag them as suspect, because AFAICS that 
would always represent either an unnecessarily elaborate memcpy(), or 
far worse just an obfuscated strcpy().

Robin.

More information about the linux-arm-kernel mailing list