From: Kees Cook <keescook@chromium.org>
To: Justin Stitt <justinstitt@google.com>
Cc: Robert Moore <robert.moore@intel.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Len Brown <lenb@kernel.org>,
linux-acpi@vger.kernel.org,
acpica-devel@lists.linuxfoundation.org,
linux-kernel@vger.kernel.org,
Nick Desaulniers <ndesaulniers@google.com>,
Nathan Chancellor <nathan@kernel.org>
Subject: Re: [PATCH RFC] ACPICA: remove acpi_ut_safe_strncpy in favor of strscpy
Date: Thu, 24 Aug 2023 16:21:50 -0700 [thread overview]
Message-ID: <202308241612.DFE4119@keescook> (raw)
In-Reply-To: <20230824-strncpy-drivers-acpi-acpica-v1-1-d027ba183b66@google.com>
On Thu, Aug 24, 2023 at 10:02:02PM +0000, Justin Stitt wrote:
> I wanted to gather some thoughts on removing `acpi_ut_safe_strncpy` (and
> potentially other `acpi...safe...()` interfaces) in favor of
> pre-existing interfaces in the kernel (like strscpy).
>
> Running a git blame shows these functions were implemented 10 years ago
> and their implementations generally mirror the _newer_ and more robust
> stuff in lib/string.h -- Let's just use these, right?
>
> I appreciate any comments and whether or not I should stop at just
> `strncpy`.
ACPICA is actually a separate upstream project, so changes are best made
there[1]. However, this code base is shared with many OSes and
compilers, so there won't be a common "strscpy" available. Perhaps the
right thing to do here is to implement acpi_ut_safe_strncpy() in terms
of strnlen(), memcpy(), and memset(). That would make the upstream
project safe against "too long reads", etc, and would require no
collateral changes:
void acpi_ut_safe_strncpy(char *dest, char *source, acpi_size dest_size)
{
/* Do not over-read the source string. */
acpi_size len = 0;
if (dest_size > 0)
len = strnlen(source, dest_size - 1);
if (len)
memcpy(dest, source, len)
/* Always terminate destination string and pad to dest_size. */
memset(dest + len, '\0', dest_size - len);
}
-Kees
[1] https://github.com/acpica/acpica
e.g. https://github.com/acpica/acpica/pull/856
--
Kees Cook
prev parent reply other threads:[~2023-08-24 23:22 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-24 22:02 [PATCH RFC] ACPICA: remove acpi_ut_safe_strncpy in favor of strscpy Justin Stitt
2023-08-24 23:21 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202308241612.DFE4119@keescook \
--to=keescook@chromium.org \
--cc=acpica-devel@lists.linuxfoundation.org \
--cc=justinstitt@google.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=rafael.j.wysocki@intel.com \
--cc=robert.moore@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox