Received: by 2002:a05:6a10:c7d3:0:0:0:0 with SMTP id h19csp1071847pxy; Sun, 15 Aug 2021 08:57:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxEhdaJBuQI1K+qZWmUoo/HBLXCFxJC4AJvQrFBXSQ05S3+9x5mdQIb5z/a68r4ZEK1+CQr X-Received: by 2002:a6b:fb07:: with SMTP id h7mr2726425iog.201.1629043054004; Sun, 15 Aug 2021 08:57:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629043053; cv=none; d=google.com; s=arc-20160816; b=yPBYGeF7PydPOFhDCqgDqeXvxcbE1uuli0TzQmyP4eeX+tZViV5Mxy3p4sTHv6Qx12 YLbZAks7ytkcGnIPjz+1bJjeXyPY6+kSedHFOjd9ZvkCD1e5hYTXSnYQuDbrcByW7x+M /XJofBp//ckhzveVxkwUK3W/9ZW3msSZsxBP6lTtDfBSe11j79BVJsoS2GR8Yc0CMQJQ QnLBy0EEuyyTa5rsMt508rzVQKBWBmuxbsV+KNPGXV6oHgTSgtC+AJNFVYZ3bprHh9Xc 8qQ9h+o5fenMaTBvaFoXU5B1IDyXkqj/cheQeotfkq4waGPDc31RU80T+5K4ss5Jl18P aLvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=FB6BWj8WTbWBRusLdxbBhZoOoL6gETICALf9iK0a4Gw=; b=dJYsDfOpYwnrsEd1b1/cnbDXzyOrmJak3y6ZtB+Sehu8kAffrBbfyaRNwgqz/95Mas PvMR0rB0i69P+ZcOSxHD3Hvrxemts913PaIY2EL16rjS/iuJ1fisx//R2HwUMnsgJ8I6 pzCpAjl42v0m7M6A4DMpGKBN+MTpU6GL/WrbwhOrEh2y5gUxztYwvXggoKXVqszFHMD3 wqMNuX7DIcJIANjIHbDrapl7tNTMoVAZQCUlG3Zd3xs779jNMoAFzPo9z7+pQa1DZFeL VUFDQE1W2nndlSrXf/OHrodm6m+jL+yZxzgfFtVr9CdQVdXgMsUytGqqtvDIvZV4smKS 4pVw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w24si8463920jal.110.2021.08.15.08.57.22; Sun, 15 Aug 2021 08:57:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238382AbhHOP5N (ORCPT + 99 others); Sun, 15 Aug 2021 11:57:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:51360 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238473AbhHOP5K (ORCPT ); Sun, 15 Aug 2021 11:57:10 -0400 Received: from jic23-huawei (cpc108967-cmbg20-2-0-cust86.5-4.cable.virginm.net [81.101.6.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2A87C61157; Sun, 15 Aug 2021 15:56:33 +0000 (UTC) Date: Sun, 15 Aug 2021 16:59:32 +0100 From: Jonathan Cameron To: Len Baker Cc: Andy Shevchenko , Lars-Peter Clausen , David Laight , Kees Cook , linux-hardening@vger.kernel.org, linux-iio , Linux Kernel Mailing List Subject: Re: [PATCH v4] drivers/iio: Remove all strcpy() uses Message-ID: <20210815165932.2e66a04d@jic23-huawei> In-Reply-To: <20210815154555.6770bc8d@jic23-huawei> References: <20210814135509.4500-1-len.baker@gmx.com> <20210815081949.GA1664@titan> <20210815154555.6770bc8d@jic23-huawei> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 15 Aug 2021 15:45:55 +0100 Jonathan Cameron wrote: > On Sun, 15 Aug 2021 10:19:49 +0200 > Len Baker wrote: > > > Hi Andy, > > > > On Sat, Aug 14, 2021 at 10:36:18PM +0300, Andy Shevchenko wrote: > > > On Sat, Aug 14, 2021 at 4:55 PM Len Baker wrote: > > > > > > > > strcpy() performs no bounds checking on the destination buffer. This > > > > could result in linear overflows beyond the end of the buffer, leading > > > > to all kinds of misbehaviors. So, remove all the uses and add > > > > devm_kstrdup() or devm_kasprintf() instead. > > > > > > > > This patch is an effort to clean up the proliferation of str*() > > > > functions in the kernel and a previous step in the path to remove > > > > the strcpy function from the kernel entirely [1]. > > > > > > > > [1] https://github.com/KSPP/linux/issues/88 > > > > > > Thank you very much for doing this! > > > Now I like the result, > Agreed and applied to the togreg branch of iio.git, pushed out as testing > for 0-day to poke at it and see if we missed anything. Dropped it for now so that Joe's comment can be addressed / discussed. Jonathan > > Thanks, > > Jonathan > > > Reviewed-by: Andy Shevchenko > > > > > Thank you too Andy (and folks) for your help on this. > > > > Regards, > > Len >