Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp34749696rwd; Sun, 9 Jul 2023 19:47:11 -0700 (PDT) X-Google-Smtp-Source: APBJJlGjVbLbQhflVuvBfksTCS/qLM1kPOoSZ5GdRiDGcsdgc+IK3c+JAmfz5MS4l/RD86gE34nX X-Received: by 2002:a17:906:9c4f:b0:991:d05c:f065 with SMTP id fg15-20020a1709069c4f00b00991d05cf065mr10674045ejc.52.1688957231183; Sun, 09 Jul 2023 19:47:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688957231; cv=none; d=google.com; s=arc-20160816; b=fn7AfnlWhSSOoDenCM8xuarRT2MrK2UA8uoFBTyS5ga8acIyp3sn5A95uu3tenQWty RL5CCLxBJ2CDCjHGtvl1P9Ea0gHQIZiHiSunovdVe9US9NfhMaK507A6sujRgkBwJDeK kINpIBWBEM5w1+ld45TIVLtBoOQdeUeP5qiCrsEGu4nvAP8PmIf0ifpV3lO9gfQ6CHsP uyoO4DDOGp/DHv+xC7mUMzX2UIPNvtviMHadvZOop0rZrCyh+r4QFZZiisYjpfGrN0TN 0VHu09fz1dF+w5OK8XatbJA0wmFvKGjrDX4BTGmMoBSUck4ntNrFEsDaInFE18bIbiEW Nldg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=6mF3L96LoTnWx2MEvXwnNhJXYkCF7/EN50oM+cK6gkY=; fh=8moB2OhfQuOTKMOnNZGUgUuBUMsTNNXUUV1vk1VpyPk=; b=SCnVVz9dvJqcc4vD7eg2tu7c0iBImgzw7bt4ixf8H0uOriOPYsknouvaCk+bknZIYA JnFIYQPUGF+cFykd/P+apHh9sChVZD2eMqPHUNn97nQNPdI0hf5dj3Pm8TwU/NKVec3M b/5NznDZ9YRxRBZZt1gr4THHmA7h587MQRVsueLOMrrQCDtfpkD+3Z+yjIZm41+fWUQC 0VtmtfBtRXWewVWoHJ/BSZ94Bco17dy24u9ekNOwqUelAHMm2NYLJLtDg54YcQEj5r7B tDolNVev7XNTPaharyRLh4pV53Ai1+vjOpNAejYshPpgS5LffQcb3isiaAWmg5kNpTZM 9gGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=WRw0UaQi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gz11-20020a170906f2cb00b009937af8ac4asi6404410ejb.241.2023.07.09.19.46.48; Sun, 09 Jul 2023 19:47:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=WRw0UaQi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230258AbjGJCgA (ORCPT + 99 others); Sun, 9 Jul 2023 22:36:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229554AbjGJCf7 (ORCPT ); Sun, 9 Jul 2023 22:35:59 -0400 Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54D72E0; Sun, 9 Jul 2023 19:35:58 -0700 (PDT) Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-57023c9be80so48020257b3.3; Sun, 09 Jul 2023 19:35:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688956557; x=1691548557; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6mF3L96LoTnWx2MEvXwnNhJXYkCF7/EN50oM+cK6gkY=; b=WRw0UaQiekWxZPXDwkitHOIuxH2s6UHIsbZEgRkEdA6rCSYl96U7eWiGWscQ6qsUTC gJV2rzrpDX6nxHsonY90dPDsKVFY+CGn81JqgnP1xB2JvjH98+rQhh/3KhaeMD4UnUc/ 6XsxiSp+iq410adY0PfarKUskq7/45cLJ2Ffz9OG1f0QyMsMOJlndzVlkXdBlGQyEGA8 bCRwlJKBCClIni+Npc60hI+yK4L9n3KePYeOXwOogMKevsQpC5o83OTL59p5vU8Cg6Rc EbBAxkKQ/VshaA8wHUl9D0GGLqRZ4Yg6bUjtLiBUcD/kGytJmiN8v6FF1lCV4ru4vqH1 JlxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688956557; x=1691548557; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6mF3L96LoTnWx2MEvXwnNhJXYkCF7/EN50oM+cK6gkY=; b=CzEFOMd6UQ0O3CFYorS/4VmiMWq3zVsdPg3c1BpXHOBj5mpe7KyYGWAssQRpqYVZM0 rM5eK1yRfMy5+cURLFtYDp5T4M5+wkGi/XPtlQacAc8KzsHEHKtSxOgNKvB/Xp/oV11O I08EhizniDN/IkEpbLwzFn5BrQ6aUU3XTPcTnHgAZkLLNpmhh1xhV1pzvY/vmrGDlhcq JKcSCQ/LpFqPkjvKS6BPanpbJgMBz3If6Wpy1/0qVGGHxdpUB1Scr+9TN4xmAk2tOpcS IpTMIUL9BrVeNOmYlUCFYazbsM2UkZjHJrcMEfvepzG8yt8/WYbpvAm+LW7Ur+wR9pET ExWw== X-Gm-Message-State: ABy/qLZ4XcJPjWvfRz7/uQw0op3+N2ZYZJ9hkYTtviQLgIMGjuZ1apTS nvTrMS/cvqPYhHsVDac59YGM19bH3rvLyQoD8ncseDUaDvg= X-Received: by 2002:a81:a001:0:b0:577:f47:3d92 with SMTP id x1-20020a81a001000000b005770f473d92mr10556370ywg.23.1688956557447; Sun, 09 Jul 2023 19:35:57 -0700 (PDT) MIME-Version: 1.0 References: <20230523021425.2406309-1-azeemshaikh38@gmail.com> <202305231020.37C95FD@keescook> In-Reply-To: <202305231020.37C95FD@keescook> From: Azeem Shaikh Date: Sun, 9 Jul 2023 22:35:46 -0400 Message-ID: Subject: Re: [PATCH] soc: fsl: qe: Replace all non-returning strlcpy with strscpy To: Kees Cook Cc: Qiang Zhao , linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Li Yang , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 23, 2023 at 1:20=E2=80=AFPM Kees Cook w= rote: > > On Tue, May 23, 2023 at 02:14:25AM +0000, Azeem Shaikh wrote: > > strlcpy() reads the entire source buffer first. > > This read may exceed the destination size limit. > > This is both inefficient and can lead to linear read > > overflows if a source string is not NUL-terminated [1]. > > In an effort to remove strlcpy() completely [2], replace > > strlcpy() here with strscpy(). > > No return values were used, so direct replacement is safe. > > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strl= cpy > > [2] https://github.com/KSPP/linux/issues/89 > > > > Signed-off-by: Azeem Shaikh > > Reviewed-by: Kees Cook > Friendly ping on this.