From: Brahmajit Das <listout@listout.xyz>
To: linux-hardening@vger.kernel.org
Cc: kees@kernel.org, justinstitt@google.com, richard@nod.at,
anton.ivanov@cambridgegreys.com, johannes@sipsolutions.net,
linux-um@lists.infradead.org
Subject: [RFC PATCH] um: replace deprecated strncpy with strscpy
Date: Sun, 8 Jun 2025 03:00:06 +0530 [thread overview]
Message-ID: <20250607213006.7858-1-listout@listout.xyz> (raw)
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces.
This modification is mainly due to the concerns on
https://github.com/KSPP/linux/issues/336, where it was mentioned that
strncpy_from_user is confusingly named as it does not NUL-pad the
destination, but it does NOT guarantee NUL-termination.
With this approach/patch we can always ensure that the dst buffer is NUL
terminated.
My initial guess was to create a separate function, something like
strscpy_from_user that would use strscpy_chunk_from_user which would
inturn use strscpy instead of the strncpy (like in this patch). But I'm
new quite unsure about adding new functions to kernel code. I'm open to
other ideas and/or approach as well, since I'm quit sure there might be
a better way to handle this.
[1]: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
Signed-off-by: Brahmajit Das <listout@listout.xyz>
---
arch/um/kernel/skas/uaccess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c
index 198269e384c4..c00ef385591c 100644
--- a/arch/um/kernel/skas/uaccess.c
+++ b/arch/um/kernel/skas/uaccess.c
@@ -170,7 +170,7 @@ static int strncpy_chunk_from_user(unsigned long from, int len, void *arg)
char **to_ptr = arg, *to = *to_ptr;
int n;
- strncpy(to, (void *) from, len);
+ strscpy(to, (void *) from, len);
n = strnlen(to, len);
*to_ptr += n;
--
2.49.0
next reply other threads:[~2025-06-07 21:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-07 21:30 Brahmajit Das [this message]
2025-06-10 4:15 ` [RFC PATCH] um: replace deprecated strncpy with strscpy Kees Cook
2025-06-12 16:09 ` Brahmajit Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250607213006.7858-1-listout@listout.xyz \
--to=listout@listout.xyz \
--cc=anton.ivanov@cambridgegreys.com \
--cc=johannes@sipsolutions.net \
--cc=justinstitt@google.com \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-um@lists.infradead.org \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).