From: Kees Cook <keescook@chromium.org>
To: NitinGote <nitin.r.gote@intel.com>
Cc: joe@perches.com, corbet@lwn.net, akpm@linux-foundation.org,
apw@canonical.com, linux-doc@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v5] Documentation/checkpatch: Prefer strscpy/strscpy_pad over strcpy/strlcpy/strncpy
Date: Mon, 22 Jul 2019 10:30:29 -0700 [thread overview]
Message-ID: <201907221029.B0CBED4F@keescook> (raw)
In-Reply-To: <20190717043005.19627-1-nitin.r.gote@intel.com>
On Wed, Jul 17, 2019 at 10:00:05AM +0530, NitinGote wrote:
> From: Nitin Gote <nitin.r.gote@intel.com>
>
> Added check in checkpatch.pl to
> 1. Deprecate strcpy() in favor of strscpy().
> 2. Deprecate strlcpy() in favor of strscpy().
> 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad().
>
> Updated strncpy() section in Documentation/process/deprecated.rst
> to cover strscpy_pad() case.
>
> Signed-off-by: Nitin Gote <nitin.r.gote@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Joe, does this address your checkpatch concerns?
-Kees
> ---
> Documentation/process/deprecated.rst | 6 +++---
> scripts/checkpatch.pl | 24 ++++++++++++++++++++++++
> 2 files changed, 27 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> index 49e0f64a3427..c348ef9d44f5 100644
> --- a/Documentation/process/deprecated.rst
> +++ b/Documentation/process/deprecated.rst
> @@ -93,9 +93,9 @@ will be NUL terminated. This can lead to various linear read overflows
> and other misbehavior due to the missing termination. It also NUL-pads the
> destination buffer if the source contents are shorter than the destination
> buffer size, which may be a needless performance penalty for callers using
> -only NUL-terminated strings. The safe replacement is :c:func:`strscpy`.
> -(Users of :c:func:`strscpy` still needing NUL-padding will need an
> -explicit :c:func:`memset` added.)
> +only NUL-terminated strings. In this case, the safe replacement is
> +strscpy(). If, however, the destination buffer still needs NUL-padding,
> +the safe replacement is strscpy_pad().
>
> If a caller is using non-NUL-terminated strings, :c:func:`strncpy()` can
> still be used, but destinations should be marked with the `__nonstring
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index bb28b178d929..1bb12127115d 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -605,6 +605,20 @@ foreach my $entry (keys %deprecated_apis) {
> }
> $deprecated_apis_search = "(?:${deprecated_apis_search})";
>
> +our %deprecated_string_apis = (
> + "strcpy" => "strscpy",
> + "strlcpy" => "strscpy",
> + "strncpy" => "strscpy, strscpy_pad or for non-NUL-terminated strings, strncpy() can still be used, but destinations should be marked with __nonstring",
> +);
> +
> +#Create a search pattern for all these strings apis to speed up a loop below
> +our $deprecated_string_apis_search = "";
> +foreach my $entry (keys %deprecated_string_apis) {
> + $deprecated_string_apis_search .= '|' if ($deprecated_string_apis_search ne "");
> + $deprecated_string_apis_search .= $entry;
> +}
> +$deprecated_string_apis_search = "(?:${deprecated_string_apis_search})";
> +
> our $mode_perms_world_writable = qr{
> S_IWUGO |
> S_IWOTH |
> @@ -6446,6 +6460,16 @@ sub process {
> "Deprecated use of '$deprecated_api', prefer '$new_api' instead\n" . $herecurr);
> }
>
> +# check for string deprecated apis
> + if ($line =~ /\b($deprecated_string_apis_search)\b\s*\(/) {
> + my $deprecated_string_api = $1;
> + my $new_api = $deprecated_string_apis{$deprecated_string_api};
> + my $msg_level = \&WARN;
> + $msg_level = \&CHK if ($file);
> + &{$msg_level}("DEPRECATED_API",
> + "Deprecated use of '$deprecated_string_api', prefer '$new_api' instead\n" . $herecurr);
> + }
> +
> # check for various structs that are normally const (ops, kgdb, device_tree)
> # and avoid what seem like struct definitions 'struct foo {'
> if ($line !~ /\bconst\b/ &&
> --
> 2.17.1
>
--
Kees Cook
next prev parent reply other threads:[~2019-07-22 17:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-17 4:30 [PATCH v5] Documentation/checkpatch: Prefer strscpy/strscpy_pad over strcpy/strlcpy/strncpy NitinGote
2019-07-22 17:30 ` Kees Cook [this message]
2019-07-22 17:40 ` Joe Perches
2019-07-23 9:26 ` Gote, Nitin R
2019-07-24 18:17 ` Gote, Nitin R
2019-07-24 18:29 ` Joe Perches
2019-07-25 7:26 ` Gote, Nitin R
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201907221029.B0CBED4F@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=apw@canonical.com \
--cc=corbet@lwn.net \
--cc=joe@perches.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-doc@vger.kernel.org \
--cc=nitin.r.gote@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.