From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D1E3EB64D9 for ; Wed, 14 Jun 2023 17:13:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234375AbjFNRNh (ORCPT ); Wed, 14 Jun 2023 13:13:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236660AbjFNRNe (ORCPT ); Wed, 14 Jun 2023 13:13:34 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64C7D193; Wed, 14 Jun 2023 10:13:33 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 014416440C; Wed, 14 Jun 2023 17:13:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1EE42C433C0; Wed, 14 Jun 2023 17:13:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1686762812; bh=DghLN/GWkWPUCJuJI14dr3JoWgkabHO9cq9SRz14ZvU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LLeipFXIhCUYnnW3nhiV2EFtGLNuwGLln398EBaW99tw+NIrOMZyNVC+EKdMIy7OG /mRWJ/Em7C4FHnwfnjRd3pen55zKD4lYzAnqXQX4gZhyMNLTCgVK1fYgIvffxVWJS4 Gigm1CoQN6oDRp7Foa2pjDDZEUzH9txK0Ikr0lcAKadGabIyb3CNLBCveaNFTfSr1t CDxk0Q9juuKm9HlbrjvVH7Hsfcnf/++Ao/fvlVM9MhX1eh8i30rZUb/KebF7huJEGI 1de1q4zD5I35VSo8sbAnuVTn8I+sw2RM7oQ6ZVChX2nUGNMWbsekAMVDnYjftktnJO FublxFBFKH2iw== Date: Wed, 14 Jun 2023 10:13:30 -0700 From: Eric Biggers To: Azeem Shaikh Cc: Kees Cook , Steven Rostedt , Masami Hiramatsu , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org Subject: Re: [PATCH] tracing/boot: Replace strlcpy with strscpy Message-ID: <20230614171330.GA1146@sol.localdomain> References: <20230613004125.3539934-1-azeemshaikh38@gmail.com> <202306131227.26F90584F7@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 14, 2023 at 10:01:57AM -0400, Azeem Shaikh wrote: > On Tue, Jun 13, 2023 at 3:27 PM Kees Cook wrote: > > > > On Tue, Jun 13, 2023 at 12:41:25AM +0000, Azeem Shaikh wrote: > > > strlcpy() reads the entire source buffer first. > > > This read may exceed the destination size limit. > > > This is both inefficient and can lead to linear read > > > overflows if a source string is not NUL-terminated [1]. > > > In an effort to remove strlcpy() completely [2], replace > > > strlcpy() here with strscpy(). > > > > > > Direct replacement is safe here since return value of -E2BIG > > > is used to check for truncation instead of sizeof(dest). > > > > This looks technically correct, but I wonder if "< 0" is a better test? > > Agreed. "< 0" might more generically represent -errno. Happy to send > over a v2 if you prefer that instead of sticking with this patch. Please go with "< 0", since it's easier to read and less error-prone. (It would be easy to mistype -E2BIG as -EFBIG, or E2BIG, for example...) - Eric