From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7312838C for ; Thu, 19 Oct 2023 01:22:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="RMS9RXfp" Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00F43113 for ; Wed, 18 Oct 2023 18:22:16 -0700 (PDT) Received: by mail-pf1-x429.google.com with SMTP id d2e1a72fcca58-6be840283ceso1977033b3a.3 for ; Wed, 18 Oct 2023 18:22:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697678536; x=1698283336; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=9n/QH+xbBrrvxUjfEmKhMirsI/te5jWZt1YAktGhyic=; b=RMS9RXfpZBrDw1yQNo2zlTc605YBxEZufqMqx8YMBKY03h31xXYbqZ0pq6neufVJFT CpA6MDAV7lFWMa2Y7YW905CpWrwNPfkj0ElWqs1zuPWbTDhTI1lPMNfJ5RlOVUPrXnIT Vb4d3lE16NXGzRAsY99v1wm4Lk8zt8CZgrvAQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697678536; x=1698283336; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9n/QH+xbBrrvxUjfEmKhMirsI/te5jWZt1YAktGhyic=; b=hdPC9IV75MRyhrmsYSwsNU8e6Knw/TDySdNnr91RJjVqW0h4NrEfNrgQObvO9O2GOk 1kvOGWs/2juqkF4XSn6x9LLNfx9yoHhlYncEiVJNW2EbbUgvQ1XtGpTm8dWzMiSORXOQ JPjSo+h6wzlpA+L/N9AiSBqnYZ3p4LRs1h/he0Hgx7RMsGL+qY5N+cpAmL0vPF/jsJPM VXw7V3xP4z2uoylSPX2fAsEv5laXDwIyTz8QEHpNkXUcU0cyevHpvWWomOjLUR2flnz7 8HwHkb/R0tKwed6eDcQ8bbUPGMxwrDTyNn2w1A+owUQxmm7rXHg4k1v5vOXFIck1j5qq ISYg== X-Gm-Message-State: AOJu0YzTgld0nWuUUlrMrt/Z6y2Hjz2Yrou/OSIS+KRQZI+35AJZaCie WX/o+ZeT8wNecKt82AgVmS+lKg== X-Google-Smtp-Source: AGHT+IF7kVoDgCvAMAX61ZZHq2qj+2bRQzcvEeWrGaJGweRi1y5xM61ycUSkxB4x6/u047Ivm+nWwg== X-Received: by 2002:a05:6a00:3a09:b0:6bd:705b:56fb with SMTP id fj9-20020a056a003a0900b006bd705b56fbmr622425pfb.6.1697678536382; Wed, 18 Oct 2023 18:22:16 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id f186-20020a6251c3000000b00692754580f0sm4107595pfb.187.2023.10.18.18.22.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 18:22:15 -0700 (PDT) Date: Wed, 18 Oct 2023 18:22:15 -0700 From: Kees Cook To: Justin Stitt Cc: Gregory Greenman , Kalle Valo , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] wifi: iwlwifi: fw: replace deprecated strncpy with strscpy Message-ID: <202310181821.16FDE58565@keescook> References: <20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v1-1-bf69ec7d1b97@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-v1-1-bf69ec7d1b97@google.com> On Tue, Oct 17, 2023 at 09:58:44PM +0000, Justin Stitt wrote: > strncpy() is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that > both dump_info->dev_human_readable and dump_info->bus_human_readable are > intended to be NUL-terminated. > > Neither of these symbols seem to be actually used after being assigned. > Which means our replacement doesn't really matter. At any rate, it would > seem NUL-padding is not required so let's use `strscpy` [2] due to the > fact that it guarantees NUL-termination on the destination buffer > without unnecessarily NUL-padding. (but maybe these should be > used or removed). This appears to be crossing the file boundary. I would be more comfortable seeing strscpy_pad() used here just to make sure there is no behavior change at all. -Kees > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt > --- > Note: build-tested only. > > Found with: $ rg "strncpy\(" > --- > drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > index 3ab6a68f1e9f..5455f8d1aab0 100644 > --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c > @@ -880,10 +880,10 @@ iwl_fw_error_dump_file(struct iwl_fw_runtime *fwrt, > cpu_to_le32(fwrt->trans->hw_rev_step); > memcpy(dump_info->fw_human_readable, fwrt->fw->human_readable, > sizeof(dump_info->fw_human_readable)); > - strncpy(dump_info->dev_human_readable, fwrt->trans->name, > - sizeof(dump_info->dev_human_readable) - 1); > - strncpy(dump_info->bus_human_readable, fwrt->dev->bus->name, > - sizeof(dump_info->bus_human_readable) - 1); > + strscpy(dump_info->dev_human_readable, fwrt->trans->name, > + sizeof(dump_info->dev_human_readable)); > + strscpy(dump_info->bus_human_readable, fwrt->dev->bus->name, > + sizeof(dump_info->bus_human_readable)); > dump_info->num_of_lmacs = fwrt->smem_cfg.num_lmacs; > dump_info->lmac_err_id[0] = > cpu_to_le32(fwrt->dump.lmac_err_id[0]); > > --- > base-commit: 58720809f52779dc0f08e53e54b014209d13eebb > change-id: 20231017-strncpy-drivers-net-wireless-intel-iwlwifi-fw-dbg-c-1f49f00b8a2e > > Best regards, > -- > Justin Stitt > > -- Kees Cook