* [PATCH] input/gscps2: Prefer strscpy over strlcpy
@ 2021-08-17 15:47 Len Baker
0 siblings, 0 replies; only message in thread
From: Len Baker @ 2021-08-17 15:47 UTC (permalink / raw)
To: James E.J. Bottomley, Helge Deller, Dmitry Torokhov
Cc: Len Baker, linux-parisc, linux-input, linux-kernel, Kees Cook,
linux-hardening
strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated. The safe
replacement is strscpy().
This is a previous step in the path to remove the strlcpy() function
entirely from the kernel [1].
[1] https://github.com/KSPP/linux/issues/89
Signed-off-by: Len Baker <len.baker@gmx.com>
---
drivers/input/serio/gscps2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/input/serio/gscps2.c b/drivers/input/serio/gscps2.c
index 2f9775de3c5b..cae74d0edb09 100644
--- a/drivers/input/serio/gscps2.c
+++ b/drivers/input/serio/gscps2.c
@@ -357,7 +357,7 @@ static int __init gscps2_probe(struct parisc_device *dev)
snprintf(serio->name, sizeof(serio->name), "gsc-ps2-%s",
(ps2port->id == GSC_ID_KEYBOARD) ? "keyboard" : "mouse");
- strlcpy(serio->phys, dev_name(&dev->dev), sizeof(serio->phys));
+ strscpy(serio->phys, dev_name(&dev->dev), sizeof(serio->phys));
serio->id.type = SERIO_8042;
serio->write = gscps2_write;
serio->open = gscps2_open;
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-17 15:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-17 15:47 [PATCH] input/gscps2: Prefer strscpy over strlcpy Len Baker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).