`strncpy` is deprecated for use on NUL-terminated destination strings [1].
A suitable replacement is `strscpy` [2] due to the fact that it
guarantees NUL-termination on its destination buffer argument which is
_not_ the case for `strncpy`!
It should be noted that the destination buffer is zero-initialized and
had a max length of `sizeof(dest) - 1`. There is likely _not_ a bug
present in the current implementation. However, by switching to
`strscpy` we get the benefit of no longer needing the `- 1`'s from the
string copy invocations on top of `strscpy` being a safer interface all
together.
[1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[2]: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
if (!strcmp(domainname, "parent")) {
char *cp;
- strncpy(ee->tmp, old_domain->domainname->name,
- TOMOYO_EXEC_TMPSIZE - 1);
+ strscpy(ee->tmp, old_domain->domainname->name, TOMOYO_EXEC_TMPSIZE);
cp = strrchr(ee->tmp, ' ');
if (cp)
*cp = '\0';
} else if (*domainname == '<')
- strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1);
+ strscpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE);
else
snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
old_domain->domainname->name, domainname);
projects / platform / kernel / linux-rpi.git / commitdiff