* [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
@ 2025-05-21 16:10 Baris Can Goral
2025-05-21 17:14 ` Allison Henderson
2025-05-26 20:40 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 5+ messages in thread
From: Baris Can Goral @ 2025-05-21 16:10 UTC (permalink / raw)
To: allison.henderson, davem, edumazet, horms, kuba
Cc: goralbaris, linux-rdma, michal.swiatkowski, netdev, pabeni,
shankari.ak0208, skhan
The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes.
Link: https://github.com/KSPP/linux/issues/90
In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.
Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
net/rds/connection.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
- strncpy(cinfo->transport, conn->c_trans->t_name,
- sizeof(cinfo->transport));
+ strscpy_pad(cinfo->transport, conn->c_trans->t_name);
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
- strncpy(cinfo6->transport, conn->c_trans->t_name,
- sizeof(cinfo6->transport));
+ strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-21 16:10 [PATCH v5 net-next: rds] replace strncpy with strscpy_pad Baris Can Goral
@ 2025-05-21 17:14 ` Allison Henderson
2025-05-26 20:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 5+ messages in thread
From: Allison Henderson @ 2025-05-21 17:14 UTC (permalink / raw)
To: horms@kernel.org, edumazet@google.com, davem@davemloft.net,
goralbaris@gmail.com, kuba@kernel.org
Cc: michal.swiatkowski@linux.intel.com, shankari.ak0208@gmail.com,
netdev@vger.kernel.org, linux-rdma@vger.kernel.org,
pabeni@redhat.com, skhan@linuxfoundation.org
On Wed, 2025-05-21 at 19:10 +0300, Baris Can Goral wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory
> content exposures, unbounded reads, or crashes.
> Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!PnLUmB9dUMUGdB0dDAEBM6IyoQVEtGLUn755qxSKNTBnGdMzPyDN0cDAS8qijzYFKXnMu3ApLnN0Jc3YBBfCtzh9$
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
>
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
Thanks for the updates, I think this version looks correct now.
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-21 16:10 [PATCH v5 net-next: rds] replace strncpy with strscpy_pad Baris Can Goral
2025-05-21 17:14 ` Allison Henderson
@ 2025-05-26 20:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-05-26 20:40 UTC (permalink / raw)
To: Baris Can Goral
Cc: allison.henderson, davem, edumazet, horms, kuba, linux-rdma,
michal.swiatkowski, netdev, pabeni, shankari.ak0208, skhan
Hello:
This patch was applied to netdev/net-next.git (main)
by Paolo Abeni <pabeni@redhat.com>:
On Wed, 21 May 2025 19:10:37 +0300 you wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory
> content exposures, unbounded reads, or crashes.
> Link: https://github.com/KSPP/linux/issues/90
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
>
> [...]
Here is the summary with links:
- [v5,net-next:,rds] replace strncpy with strscpy_pad
https://git.kernel.org/netdev/net-next/c/5bccdc51f90c
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v4 net-next: rds] replace strncpy with strscpy_pad
@ 2025-05-19 21:15 Allison Henderson
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
0 siblings, 1 reply; 5+ messages in thread
From: Allison Henderson @ 2025-05-19 21:15 UTC (permalink / raw)
To: michal.swiatkowski@linux.intel.com, goralbaris@gmail.com
Cc: linux-rdma@vger.kernel.org, davem@davemloft.net,
shankari.ak0208@gmail.com, pabeni@redhat.com, horms@kernel.org,
edumazet@google.com, kuba@kernel.org, skhan@linuxfoundation.org,
netdev@vger.kernel.org
On Mon, 2025-05-19 at 15:51 +0300, Baris Can Goral wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory.
It looks like we lost the last part of this phrase? I think you meant to quote the link: "...potential memory content
exposures, unbounded reads, or crashes."
Other than that I think it looks ok. Thanks!
Allison
> Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!Ja5aVj9u5vDpeBsiMWIGFvGhVzCbcj-gUOS9qIbQ_QDVAy_GU9E4yl_yCjzYJ61uEfuo368zv8bY5vsmB9yxR-7h$
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
>
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-19 21:15 [PATCH v4 " Allison Henderson
@ 2025-05-20 16:23 ` Baris Can Goral
2025-05-20 21:13 ` Zhu Yanjun
0 siblings, 1 reply; 5+ messages in thread
From: Baris Can Goral @ 2025-05-20 16:23 UTC (permalink / raw)
To: allison.henderson
Cc: davem, edumazet, goralbaris, horms, kuba, linux-rdma,
michal.swiatkowski, netdev, pabeni, shankari.ak0208, skhan
The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes.
Link: https://github.com/KSPP/linux/issues/90
In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.
Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
net/rds/connection.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
- strncpy(cinfo->transport, conn->c_trans->t_name,
- sizeof(cinfo->transport));
+ strscpy_pad(cinfo->transport, conn->c_trans->t_name);
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
- strncpy(cinfo6->transport, conn->c_trans->t_name,
- sizeof(cinfo6->transport));
+ strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
@ 2025-05-20 21:13 ` Zhu Yanjun
0 siblings, 0 replies; 5+ messages in thread
From: Zhu Yanjun @ 2025-05-20 21:13 UTC (permalink / raw)
To: Baris Can Goral, allison.henderson
Cc: davem, edumazet, horms, kuba, linux-rdma, michal.swiatkowski,
netdev, pabeni, shankari.ak0208, skhan
在 2025/5/20 18:23, Baris Can Goral 写道:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory
> content exposures, unbounded reads, or crashes.
> Link: https://github.com/KSPP/linux/issues/90
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
Please don't reply to an old thread when starting a new version.
It is better to start a new thread with the new version.
Zhu Yanjun
>
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-05-26 20:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-21 16:10 [PATCH v5 net-next: rds] replace strncpy with strscpy_pad Baris Can Goral
2025-05-21 17:14 ` Allison Henderson
2025-05-26 20:40 ` patchwork-bot+netdevbpf
-- strict thread matches above, loose matches on Subject: below --
2025-05-19 21:15 [PATCH v4 " Allison Henderson
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
2025-05-20 21:13 ` Zhu Yanjun
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox