From: Kees Cook <keescook@chromium.org>
To: Joe Perches <joe@perches.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
clang-built-linux <clang-built-linux@googlegroups.com>,
stable <stable@vger.kernel.org>, Andy Lavr <andy.lavr@gmail.com>,
Arvind Sankar <nivedita@alum.mit.edu>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Sami Tolvanen <samitolvanen@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Alexandru Ardelean <alexandru.ardelean@analog.com>,
Yury Norov <yury.norov@gmail.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3] lib/string.c: implement stpcpy
Date: Wed, 26 Aug 2020 19:33:45 -0700 [thread overview]
Message-ID: <202008261932.FF4E5C0@keescook> (raw)
In-Reply-To: <77428f28620d4e5ecad1556396f2b0f8f0daef41.camel@perches.com>
On Wed, Aug 26, 2020 at 04:57:41PM -0700, Joe Perches wrote:
> On Wed, 2020-08-26 at 16:38 -0700, Kees Cook wrote:
> > On Thu, Aug 27, 2020 at 07:59:45AM +0900, Masahiro Yamada wrote:
> []
> > > OK, then stpcpy(), strcpy() and sprintf()
> > > have the same level of unsafety.
> >
> > Yes. And even snprintf() is dangerous because its return value is how
> > much it WOULD have written, which when (commonly) used as an offset for
> > further pointer writes, causes OOB writes too. :(
> > https://github.com/KSPP/linux/issues/105
> >
> > > strcpy() is used everywhere.
> >
> > Yes. It's very frustrating, but it's not an excuse to continue
> > using it nor introducing more bad APIs.
> >
> > $ git grep '\bstrcpy\b' | wc -l
> > 2212
> > $ git grep '\bstrncpy\b' | wc -l
> > 751
> > $ git grep '\bstrlcpy\b' | wc -l
> > 1712
> >
> > $ git grep '\bstrscpy\b' | wc -l
> > 1066
> >
> > https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy
> > https://github.com/KSPP/linux/issues/88
> >
> > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
> > https://github.com/KSPP/linux/issues/89
> >
> > https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> > https://github.com/KSPP/linux/issues/90
> >
> > We have no way right now to block the addition of deprecated API usage,
> > which makes ever catching up on this replacement very challenging.
>
> These could be added to checkpatch's deprecated_api test.
> ---
> scripts/checkpatch.pl | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 149518d2a6a7..f9ccb2a63a95 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -605,6 +605,9 @@ foreach my $entry (@mode_permission_funcs) {
> $mode_perms_search = "(?:${mode_perms_search})";
>
> our %deprecated_apis = (
> + "strcpy" => "strscpy",
> + "strncpy" => "strscpy",
> + "strlcpy" => "strscpy",
> "synchronize_rcu_bh" => "synchronize_rcu",
> "synchronize_rcu_bh_expedited" => "synchronize_rcu_expedited",
> "call_rcu_bh" => "call_rcu",
>
>
Good idea, yeah. We, unfortunately, need to leave strncpy() off this
list for now because it's not *strictly* deprecated (see the notes in
bug report[1]), but the others can be.
[1] https://github.com/KSPP/linux/issues/89
--
Kees Cook
next prev parent reply other threads:[~2020-08-27 2:33 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-25 13:58 [PATCH v3] lib/string.c: implement stpcpy Nick Desaulniers
2020-08-25 18:51 ` Nathan Chancellor
2020-08-26 15:41 ` Sedat Dilek
2020-08-26 15:58 ` Masahiro Yamada
2020-09-06 9:57 ` Kees Cook
2020-08-26 16:49 ` Masahiro Yamada
2020-08-26 16:57 ` Joe Perches
2020-08-26 16:58 ` Nick Desaulniers
2020-08-26 22:59 ` Masahiro Yamada
2020-08-26 23:38 ` Kees Cook
2020-08-26 23:57 ` Joe Perches
2020-08-27 2:33 ` Kees Cook [this message]
2020-08-27 2:42 ` Joe Perches
2020-08-27 18:26 ` Kees Cook
2020-08-27 8:59 ` Andy Shevchenko
2020-08-27 18:30 ` Kees Cook
2020-08-27 19:37 ` Joe Perches
2020-08-27 19:41 ` Kees Cook
2020-08-27 20:05 ` Andy Shevchenko
2020-08-27 22:26 ` Kees Cook
2020-08-28 8:17 ` Andy Shevchenko
2020-08-31 23:21 ` Nick Desaulniers
2020-09-01 8:51 ` David Laight
-- strict thread matches above, loose matches on Subject: below --
2020-08-25 14:00 Nick Desaulniers
2020-08-26 15:22 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202008261932.FF4E5C0@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=alexandru.ardelean@analog.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=andy.lavr@gmail.com \
--cc=clang-built-linux@googlegroups.com \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=masahiroy@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nivedita@alum.mit.edu \
--cc=samitolvanen@google.com \
--cc=stable@vger.kernel.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.