Date: Wed, 3 Jul 2019 09:49:02 -0700 From: Kees Cook <keescook@...omium.org> To: Nitin Gote <nitin.r.gote@...el.com> Cc: jannh@...gle.com, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH v2] checkpatch: Added warnings in favor of strscpy(). On Wed, Jul 03, 2019 at 11:50:14AM +0530, Nitin Gote wrote: > Added warnings in checkpatch.pl script to : > > 1. Deprecate strcpy() in favor of strscpy(). > 2. Deprecate strlcpy() in favor of strscpy(). > 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad(). > > Updated strncpy() section in Documentation/process/deprecated.rst > to cover strscpy_pad() case. > > Signed-off-by: Nitin Gote <nitin.r.gote@...el.com> Acked-by: Kees Cook <keescook@...omium.org> This looks good. I think you're ready for sending this upstream. Please see: https://www.kernel.org/doc/html/latest/process/submitting-patches.html The To: should likely be: Andrew Morton <akpm@...ux-foundation.org> and I recommend CC to: Jonathan Corbet <corbet@....net> Andy Whitcroft <apw@...onical.com> Joe Perches <joe@...ches.com> linux-doc@...r.kernel.org linux-kernel@...r.kernel.org kernel-hardening@...ts.openwall.com Thanks! -Kees > --- > Documentation/process/deprecated.rst | 6 +++--- > scripts/checkpatch.pl | 4 ++++ > 2 files changed, 7 insertions(+), 3 deletions(-) > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > index 49e0f64..f564de3 100644 > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -93,9 +93,9 @@ will be NUL terminated. This can lead to various linear read overflows > and other misbehavior due to the missing termination. It also NUL-pads the > destination buffer if the source contents are shorter than the destination > buffer size, which may be a needless performance penalty for callers using > -only NUL-terminated strings. The safe replacement is :c:func:`strscpy`. > -(Users of :c:func:`strscpy` still needing NUL-padding will need an > -explicit :c:func:`memset` added.) > +only NUL-terminated strings. In this case, the safe replacement is > +:c:func:`strscpy`. If, however, the destination buffer still needs > +NUL-padding, the safe replacement is :c:func:`strscpy_pad`. > > If a caller is using non-NUL-terminated strings, :c:func:`strncpy()` can > still be used, but destinations should be marked with the `__nonstring > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index 342c7c7..2ce2340 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -595,6 +595,10 @@ our %deprecated_apis = ( > "rcu_barrier_sched" => "rcu_barrier", > "get_state_synchronize_sched" => "get_state_synchronize_rcu", > "cond_synchronize_sched" => "cond_synchronize_rcu", > + "strcpy" => "strscpy", > + "strlcpy" => "strscpy", > + "strncpy" => "strscpy, strscpy_pad or for non-NUL-terminated strings, > + strncpy() can still be used, but destinations should be marked with the __nonstring", > ); > > #Create a search pattern for all these strings to speed up a loop below > -- > 2.7.4 -- Kees Cook
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.