Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp87967rwd;
        Wed, 14 Jun 2023 12:36:43 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ7azu7oKAuc+k6ttI1Y/V4My7o2TWAN1z9bg5bfKGKF3vavJo0Su5qVpiw/mjkOsABGYPCl
X-Received: by 2002:a17:902:a9c7:b0:1b3:dbaa:f3fb with SMTP id b7-20020a170902a9c700b001b3dbaaf3fbmr5823574plr.22.1686771403184;
        Wed, 14 Jun 2023 12:36:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686771403; cv=none;
        d=google.com; s=arc-20160816;
        b=OMN9DAJsoc+T6jc8vdayAZlp48IRIB/OzSZiYnQaAUJbYXJU2B6sob7nt+5tEr85TN
         2akpu+nIwwoJ7zrLwOFk/ihhbT2lKlb0xkS14jzsO3xbZ2OECD2x/90AqY3I6elpARsT
         lo55Tg5P0FQzWViNwf1Ejiv0DJ+ClWgv2KakZzClvKU2Ri6F1v7kewQUW8ymEdVRuywT
         g5Kezfx3f1vppu9y9bdEeXJQ3D/9hB9ZlKGmYsAqnBHCbWzfBwsVCS+Kw4G5Jrxtb2Dy
         eBDK53iRZci17thp5MED6rup5GnvrYIhKkvMfZWr5zy4c5QCdSKx3Q11gECaGBiywsnu
         8tGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent
         :content-transfer-encoding:references:in-reply-to:date:cc:to:from
         :subject:message-id;
        bh=LmDM6T87bF5EiOq2qdqY9muPTlrUon9aHruqFiF8liI=;
        b=eaq8o3vsu3uq1Z7ZsV7WQ93OdXUI9f+MYQUVp5Zc5Al4diAqwYh9IcoCadRxXkMIHV
         VXCadP8BtSYNf1zYkPxrUHj4f978cFKfym71Hkuw6E9RRmmj5hpaLyhdPFXYtSwvt+e9
         pV20LDbcuUDqUHpCeLCHDj8QYEfh2kjLbjhyw37kQJ9zf1lbZSDAPwgkCWBM+CfT9lK3
         BSSH5XJLhXjeFVedUMS+cH0LzT7r7RXRt5pn7u01+eLFTpPPe/IWV/+HhNSKZB9/H2f1
         GfwpahzL1XqcR2rTF02xRf7ChkmBJ8qSC2M/wGXi2/Dnw9AE9h8oV2Yd5OQD2U7Ip/Eq
         IDSA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id j15-20020a170902da8f00b001aaeed1a0e3si6001161plx.487.2023.06.14.12.36.30;
        Wed, 14 Jun 2023 12:36:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236144AbjFNTWh convert rfc822-to-8bit (ORCPT
        <rfc822;agostinomirone@gmail.com> + 99 others);
        Wed, 14 Jun 2023 15:22:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48836 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236034AbjFNTWe (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Jun 2023 15:22:34 -0400
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B27FB2688;
        Wed, 14 Jun 2023 12:22:17 -0700 (PDT)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69])
          by outpost.zedat.fu-berlin.de (Exim 4.95)
          with esmtps (TLS1.3)
          tls TLS_AES_256_GCM_SHA384
          (envelope-from <glaubitz@zedat.fu-berlin.de>)
          id 1q9W4J-002h2e-VO; Wed, 14 Jun 2023 21:22:11 +0200
Received: from p57bd9486.dip0.t-ipconnect.de ([87.189.148.134] helo=[192.168.178.81])
          by inpost2.zedat.fu-berlin.de (Exim 4.95)
          with esmtpsa (TLS1.3)
          tls TLS_AES_256_GCM_SHA384
          (envelope-from <glaubitz@physik.fu-berlin.de>)
          id 1q9W4J-0012VE-Ny; Wed, 14 Jun 2023 21:22:11 +0200
Message-ID: <587a0964b4e2832840197f37a2340a6176a51738.camel@physik.fu-berlin.de>
Subject: Re: [PATCH] sh: Replace all non-returning strlcpy with strscpy
From:   John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To:     Azeem Shaikh <azeemshaikh38@gmail.com>,
        Yoshinori Sato <ysato@users.sourceforge.jp>,
        Rich Felker <dalias@libc.org>
Cc:     linux-hardening@vger.kernel.org, linux-sh@vger.kernel.org,
        linux-kernel@vger.kernel.org, Randy Dunlap <rdunlap@infradead.org>
Date:   Wed, 14 Jun 2023 21:22:11 +0200
In-Reply-To: <20230530163041.985456-1-azeemshaikh38@gmail.com>
References: <20230530163041.985456-1-azeemshaikh38@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8BIT
User-Agent: Evolution 3.48.3 
MIME-Version: 1.0
X-Original-Sender: glaubitz@physik.fu-berlin.de
X-Originating-IP: 87.189.148.134
X-ZEDAT-Hint: PO
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
        RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2023-05-30 at 16:30 +0000, Azeem Shaikh wrote:
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
> 
> Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
> ---
>  arch/sh/drivers/dma/dma-api.c |    2 +-
>  arch/sh/kernel/setup.c        |    4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/sh/drivers/dma/dma-api.c b/arch/sh/drivers/dma/dma-api.c
> index ab9170494dcc..89cd4a3b4cca 100644
> --- a/arch/sh/drivers/dma/dma-api.c
> +++ b/arch/sh/drivers/dma/dma-api.c
> @@ -198,7 +198,7 @@ int request_dma(unsigned int chan, const char *dev_id)
>  	if (atomic_xchg(&channel->busy, 1))
>  		return -EBUSY;
>  
> -	strlcpy(channel->dev_id, dev_id, sizeof(channel->dev_id));
> +	strscpy(channel->dev_id, dev_id, sizeof(channel->dev_id));
>  
>  	if (info->ops->request) {
>  		result = info->ops->request(channel);
> diff --git a/arch/sh/kernel/setup.c b/arch/sh/kernel/setup.c
> index af977ec4ca5e..e4f0f9a1d355 100644
> --- a/arch/sh/kernel/setup.c
> +++ b/arch/sh/kernel/setup.c
> @@ -304,9 +304,9 @@ void __init setup_arch(char **cmdline_p)
>  	bss_resource.end = virt_to_phys(__bss_stop)-1;
>  
>  #ifdef CONFIG_CMDLINE_OVERWRITE
> -	strlcpy(command_line, CONFIG_CMDLINE, sizeof(command_line));
> +	strscpy(command_line, CONFIG_CMDLINE, sizeof(command_line));
>  #else
> -	strlcpy(command_line, COMMAND_LINE, sizeof(command_line));
> +	strscpy(command_line, COMMAND_LINE, sizeof(command_line));
>  #ifdef CONFIG_CMDLINE_EXTEND
>  	strlcat(command_line, " ", sizeof(command_line));
>  	strlcat(command_line, CONFIG_CMDLINE, sizeof(command_line));

Acked-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913