From: Kees Cook <keescook@chromium.org>
To: justinstitt@google.com
Cc: Cezary Rojewski <cezary.rojewski@intel.com>,
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>,
Liam Girdwood <liam.r.girdwood@linux.intel.com>,
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>,
Bard Liao <yung-chuan.liao@linux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@linux.intel.com>,
Kai Vehmanen <kai.vehmanen@linux.intel.com>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
Takashi Iwai <tiwai@suse.com>,
Nathan Chancellor <nathan@kernel.org>,
alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ASoC: Intel: Skylake: replace deprecated strncpy with strscpy
Date: Wed, 26 Jul 2023 15:34:48 -0700 [thread overview]
Message-ID: <202307261532.3EFCF04F1@keescook> (raw)
In-Reply-To: <20230726-asoc-intel-skylake-remove-deprecated-strncpy-v1-1-020e04184c7d@google.com>
On Wed, Jul 26, 2023 at 09:12:18PM +0000, justinstitt@google.com wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings [1].
>
> A suitable replacement is `strscpy` [2] due to the fact that it
> guarantees NUL-termination on its destination buffer argument which is
> _not_ the case for `strncpy`!
>
> It was pretty difficult, in this case, to try and figure out whether or
> not the destination buffer was zero-initialized. If it is and this
> behavior is relied on then perhaps `strscpy_pad` is the preferred
> option here.
>
> Kees was able to help me out and identify the following code snippet
> which seems to show that the destination buffer is zero-initialized.
>
> | skl = devm_kzalloc(&pci->dev, sizeof(*skl), GFP_KERNEL);
>
> With this information, I opted for `strscpy` since padding is seemingly
> not required.
We did notice that str_elem->string is 44 bytes, but
skl->lib_info[ref_count].name is 128 bytes. If str_elem->string isn't
NUL-terminated, this can still hit an over-read condition (though
CONFIG_FORTIFY_SOURCE would have caught it both before with strncpy()
and now with strscpy()). So I assume it is expected to be
NUL-terminated?
> Also within this patch is a change to an instance of `x > y - 1` to `x >= y`
> which tends to be more robust and readable. Consider, for instance, if `y` was
> somehow `INT_MIN`.
I'd split this change into a separate patch -- it's logically unrelated
(but seems a reasonable cleanup).
>
> [1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
> [2]: manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
>
> Link: https://github.com/KSPP/linux/issues/90
> Suggested-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> sound/soc/intel/skylake/skl-topology.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c
> index 96cfebded072..67f08ec3a2ea 100644
> --- a/sound/soc/intel/skylake/skl-topology.c
> +++ b/sound/soc/intel/skylake/skl-topology.c
> @@ -3154,12 +3154,12 @@ static int skl_tplg_fill_str_mfest_tkn(struct device *dev,
>
> switch (str_elem->token) {
> case SKL_TKN_STR_LIB_NAME:
> - if (ref_count > skl->lib_count - 1) {
> + if (ref_count >= skl->lib_count) {
> ref_count = 0;
> return -EINVAL;
> }
>
> - strncpy(skl->lib_info[ref_count].name,
> + strscpy(skl->lib_info[ref_count].name,
> str_elem->string,
> ARRAY_SIZE(skl->lib_info[ref_count].name));
> ref_count++;
>
> ---
> base-commit: 0b4a9fdc9317440a71d4d4c264a5650bf4a90f3c
> change-id: 20230726-asoc-intel-skylake-remove-deprecated-strncpy-9dbcfc26040c
>
> Best regards,
> --
> Justin Stitt <justinstitt@google.com>
>
--
Kees Cook
next prev parent reply other threads:[~2023-07-26 22:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-26 21:12 [PATCH] ASoC: Intel: Skylake: replace deprecated strncpy with strscpy justinstitt
2023-07-26 22:34 ` Kees Cook [this message]
2023-07-28 7:25 ` Amadeusz Sławiński
2023-07-28 18:53 ` Kees Cook
2023-07-27 20:30 ` [PATCH v2] " Justin Stitt
2023-07-27 23:27 ` Mark Brown
2023-07-28 18:56 ` Kees Cook
2023-07-28 19:05 ` Mark Brown
2023-07-28 19:11 ` Justin Stitt
2023-07-28 18:58 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202307261532.3EFCF04F1@keescook \
--to=keescook@chromium.org \
--cc=alsa-devel@alsa-project.org \
--cc=broonie@kernel.org \
--cc=cezary.rojewski@intel.com \
--cc=justinstitt@google.com \
--cc=kai.vehmanen@linux.intel.com \
--cc=liam.r.girdwood@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=perex@perex.cz \
--cc=peter.ujfalusi@linux.intel.com \
--cc=pierre-louis.bossart@linux.intel.com \
--cc=ranjani.sridharan@linux.intel.com \
--cc=tiwai@suse.com \
--cc=yung-chuan.liao@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.