LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] input/gscps2: Prefer strscpy over strlcpy
@ 2021-08-17 15:47 Len Baker
  0 siblings, 0 replies; only message in thread
From: Len Baker @ 2021-08-17 15:47 UTC (permalink / raw)
  To: James E.J. Bottomley, Helge Deller, Dmitry Torokhov
  Cc: Len Baker, linux-parisc, linux-input, linux-kernel, Kees Cook,
	linux-hardening

strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated. The safe
replacement is strscpy().

This is a previous step in the path to remove the strlcpy() function
entirely from the kernel [1].

[1] https://github.com/KSPP/linux/issues/89

Signed-off-by: Len Baker <len.baker@gmx.com>
---
 drivers/input/serio/gscps2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/input/serio/gscps2.c b/drivers/input/serio/gscps2.c
index 2f9775de3c5b..cae74d0edb09 100644
--- a/drivers/input/serio/gscps2.c
+++ b/drivers/input/serio/gscps2.c
@@ -357,7 +357,7 @@ static int __init gscps2_probe(struct parisc_device *dev)

 	snprintf(serio->name, sizeof(serio->name), "gsc-ps2-%s",
 		 (ps2port->id == GSC_ID_KEYBOARD) ? "keyboard" : "mouse");
-	strlcpy(serio->phys, dev_name(&dev->dev), sizeof(serio->phys));
+	strscpy(serio->phys, dev_name(&dev->dev), sizeof(serio->phys));
 	serio->id.type		= SERIO_8042;
 	serio->write		= gscps2_write;
 	serio->open		= gscps2_open;
--
2.25.1


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-08-17 15:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-17 15:47 [PATCH] input/gscps2: Prefer strscpy over strlcpy Len Baker

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).