[PATCH] wifi: mt76: Replace strlcpy with strscpy

Kees Cook keescook at chromium.org
Thu Jul 27 10:02:28 PDT 2023


On Tue, Jul 18, 2023 at 12:38:37AM -0400, Azeem Shaikh wrote:
> On Wed, Jul 12, 2023 at 7:54 PM Kees Cook <keescook at chromium.org> wrote:
> >
> > On Mon, Jul 03, 2023 at 06:12:56PM +0000, Azeem Shaikh wrote:
> > > strlcpy() reads the entire source buffer first.
> > > This read may exceed the destination size limit.
> > > This is both inefficient and can lead to linear read
> > > overflows if a source string is not NUL-terminated [1].
> > > In an effort to remove strlcpy() completely [2], replace
> > > strlcpy() here with strscpy().
> > >
> > > Direct replacement is safe here since DEV_ASSIGN is only used by
> > > TRACE macros and the return values are ignored.
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > > [2] https://github.com/KSPP/linux/issues/89
> > >
> > > Signed-off-by: Azeem Shaikh <azeemshaikh38 at gmail.com>
> >
> > Looks good -- thing is using return values from the macros.
> 
> Just to confirm, you mean *not* using return values from the macros?

I thought I'd replied to this, but I see it didn't happen: yes, I meant
"not using return values". Sorry for the confusion!

-- 
Kees Cook



More information about the Linux-mediatek mailing list