Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp1023403pxy; Sun, 1 Aug 2021 09:46:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwEHcW1NTAEnQ9tE+L3QTpHsSr9Yj5fotGykDpRqHxwgFFCWQYOothlJhhH2SO8E/A+RHWx X-Received: by 2002:a05:6e02:5a7:: with SMTP id k7mr6879638ils.283.1627836370176; Sun, 01 Aug 2021 09:46:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627836370; cv=none; d=google.com; s=arc-20160816; b=O5F3CJyWUT1WuF8sSc5rug6siBozZ84LMgKNlyBfZGkEyzR0JHGpBn7bB26ZSNcqom ETn+3zR1eLlTQN7zGlFypOdbNAfqmqVDP3dCH6TLoDk87xKvnc+g/Kw8h/2Gfn87kDOA eoATPMs2ZTphKHsoVfKY5Z/lOOhZFIM/epY3krbJcpk9vcqgwy6oaxWmR58ZhPUuCChE CRBMQWA/SARwMGIEZXbJM4fy/wirDITxiMf5i4rrXnbuFY9RJDRCOTRwbIvpQaF+IxUB hpHDLJodmcxS0YKlEy2miUEMXymsJe2796aU8axo1eItpnTzEXnHzc7y4F9jzgOVj0Pp 5NvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=8TRAzO2qCktPjRppwy4IGZL8LnPRoTAeJf0kTtS68B8=; b=HJJbG9IG0exbcnCRW6DsjQKBv9eMiZnlXNz7UqqXAoBVuQWIpAPvwceavtr6+A1pJf V7Ygbi2hsS0tFC23ktms4zrepkhVInmQOTgcBFYBR+GpFspYczcNY56TNiqHg46hUvfT raQkYY1k/SS2gJa+d6guNidYVhyQI7jZxLIgQp2h8GLXs/oF8/rtDlUJQ38u5cqLIG6v 1zKFPK2shZN/Eina2SVytMrtpPV1hnmxeZRGfMjROjy3Ko/4tMi3buWftkLKYqnkJmyn yTjq4Vtp12WMBAVEQujNTocKlsQYjCL0r7cwtvpneozf1q5akd/1ZxMrJtMXf52mVh8P HgwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n32si10118044ioz.15.2021.08.01.09.45.40; Sun, 01 Aug 2021 09:46:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229632AbhHAQj0 (ORCPT + 99 others); Sun, 1 Aug 2021 12:39:26 -0400 Received: from smtprelay0240.hostedemail.com ([216.40.44.240]:35230 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229540AbhHAQjZ (ORCPT ); Sun, 1 Aug 2021 12:39:25 -0400 Received: from omf18.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay01.hostedemail.com (Postfix) with ESMTP id 91D7E100E7B45; Sun, 1 Aug 2021 16:39:14 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf18.hostedemail.com (Postfix) with ESMTPA id 21D1F2EBFA0; Sun, 1 Aug 2021 16:39:13 +0000 (UTC) Message-ID: <922b0d99b6397adc44761abaed12c019dc0b9e88.camel@perches.com> Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy() From: Joe Perches To: "Russell King (Oracle)" , Len Baker Cc: Kees Cook , Dmitry Torokhov , Lee Jones , Uwe =?ISO-8859-1?Q?Kleine-K=F6nig?= , linux-hardening@vger.kernel.org, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org Date: Sun, 01 Aug 2021 09:39:11 -0700 In-Reply-To: <20210801145959.GI22278@shell.armlinux.org.uk> References: <20210801144316.12841-1-len.baker@gmx.com> <20210801145959.GI22278@shell.armlinux.org.uk> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.40.0-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.46 X-Rspamd-Server: rspamout04 X-Rspamd-Queue-Id: 21D1F2EBFA0 X-Stat-Signature: 3zsg9f1oosgq9iyxgipc88yjqiuu7997 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Session-ID: U2FsdGVkX1/uvB/xVXZpL4hqBJoKLjxFDsi/SPgzh/k= X-HE-Tag: 1627835953-921460 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2021-08-01 at 16:00 +0100, Russell King (Oracle) wrote: > On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote: > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy(). > > > > Signed-off-by: Len Baker > > --- > > This is a task of the KSPP [1] > > > > [1] https://github.com/KSPP/linux/issues/88 > > > > ?drivers/input/keyboard/locomokbd.c | 2 +- > > ?1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/input/keyboard/locomokbd.c b/drivers/input/keyboard/locomokbd.c > > index dae053596572..dbb3dc48df12 100644 > > --- a/drivers/input/keyboard/locomokbd.c > > +++ b/drivers/input/keyboard/locomokbd.c > > @@ -254,7 +254,7 @@ static int locomokbd_probe(struct locomo_dev *dev) > > ? locomokbd->suspend_jiffies = jiffies; > > > > ? locomokbd->input = input_dev; > > - strcpy(locomokbd->phys, "locomokbd/input0"); > > + strscpy(locomokbd->phys, "locomokbd/input0", sizeof(locomokbd->phys)); > > So if the string doesn't fit, it's fine to silently truncate it? > > Rather than converting every single strcpy() in the kernel to > strscpy(), maybe there should be some consideration given to how the > issue of a strcpy() that overflows the buffer should be handled. > E.g. in the case of a known string such as the above, if it's longer > than the destination, should we find a way to make the compiler issue > a warning at compile time? >