From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC0B8C4338F for ; Sun, 1 Aug 2021 16:39:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A2768610A0 for ; Sun, 1 Aug 2021 16:39:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229596AbhHAQj0 (ORCPT ); Sun, 1 Aug 2021 12:39:26 -0400 Received: from smtprelay0240.hostedemail.com ([216.40.44.240]:35230 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229540AbhHAQjZ (ORCPT ); Sun, 1 Aug 2021 12:39:25 -0400 Received: from omf18.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay01.hostedemail.com (Postfix) with ESMTP id 91D7E100E7B45; Sun, 1 Aug 2021 16:39:14 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf18.hostedemail.com (Postfix) with ESMTPA id 21D1F2EBFA0; Sun, 1 Aug 2021 16:39:13 +0000 (UTC) Message-ID: <922b0d99b6397adc44761abaed12c019dc0b9e88.camel@perches.com> Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy() From: Joe Perches To: "Russell King (Oracle)" , Len Baker Cc: Kees Cook , Dmitry Torokhov , Lee Jones , Uwe =?ISO-8859-1?Q?Kleine-K=F6nig?= , linux-hardening@vger.kernel.org, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org Date: Sun, 01 Aug 2021 09:39:11 -0700 In-Reply-To: <20210801145959.GI22278@shell.armlinux.org.uk> References: <20210801144316.12841-1-len.baker@gmx.com> <20210801145959.GI22278@shell.armlinux.org.uk> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.40.0-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspamout04 X-Rspamd-Queue-Id: 21D1F2EBFA0 X-Stat-Signature: 3zsg9f1oosgq9iyxgipc88yjqiuu7997 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Session-ID: U2FsdGVkX1/uvB/xVXZpL4hqBJoKLjxFDsi/SPgzh/k= X-HE-Tag: 1627835953-921460 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org On Sun, 2021-08-01 at 16:00 +0100, Russell King (Oracle) wrote: > On Sun, Aug 01, 2021 at 04:43:16PM +0200, Len Baker wrote: > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy(). > > > > Signed-off-by: Len Baker > > --- > > This is a task of the KSPP [1] > > > > [1] https://github.com/KSPP/linux/issues/88 > > > >  drivers/input/keyboard/locomokbd.c | 2 +- > >  1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/input/keyboard/locomokbd.c b/drivers/input/keyboard/locomokbd.c > > index dae053596572..dbb3dc48df12 100644 > > --- a/drivers/input/keyboard/locomokbd.c > > +++ b/drivers/input/keyboard/locomokbd.c > > @@ -254,7 +254,7 @@ static int locomokbd_probe(struct locomo_dev *dev) > >   locomokbd->suspend_jiffies = jiffies; > > > >   locomokbd->input = input_dev; > > - strcpy(locomokbd->phys, "locomokbd/input0"); > > + strscpy(locomokbd->phys, "locomokbd/input0", sizeof(locomokbd->phys)); > > So if the string doesn't fit, it's fine to silently truncate it? > > Rather than converting every single strcpy() in the kernel to > strscpy(), maybe there should be some consideration given to how the > issue of a strcpy() that overflows the buffer should be handled. > E.g. in the case of a known string such as the above, if it's longer > than the destination, should we find a way to make the compiler issue > a warning at compile time? >