* [PATCH v3 net-next: rds] replace strncpy with strscpy_pad
[not found] <20250518090020.GA366906@horms.kernel.org>
@ 2025-05-18 19:53 ` goralbaris
2025-05-19 7:01 ` Michal Swiatkowski
0 siblings, 1 reply; 6+ messages in thread
From: goralbaris @ 2025-05-18 19:53 UTC (permalink / raw)
To: horms
Cc: allison.henderson, davem, edumazet, goralbaris, kuba, linux-rdma,
pabeni, skhan, shankari.ak0208, netdev
The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory.
Link: https://github.com/KSPP/linux/issues/90
In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.
Signed-off-by: goralbaris <goralbaris@gmail.com>
---
net/rds/connection.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
- strncpy(cinfo->transport, conn->c_trans->t_name,
- sizeof(cinfo->transport));
+ strscpy_pad(cinfo->transport, conn->c_trans->t_name);
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
- strncpy(cinfo6->transport, conn->c_trans->t_name,
- sizeof(cinfo6->transport));
+ strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3 net-next: rds] replace strncpy with strscpy_pad
2025-05-18 19:53 ` [PATCH v3 net-next: rds] replace strncpy with strscpy_pad goralbaris
@ 2025-05-19 7:01 ` Michal Swiatkowski
2025-05-19 12:51 ` [PATCH v4 " Baris Can Goral
0 siblings, 1 reply; 6+ messages in thread
From: Michal Swiatkowski @ 2025-05-19 7:01 UTC (permalink / raw)
To: goralbaris
Cc: horms, allison.henderson, davem, edumazet, kuba, linux-rdma,
pabeni, skhan, shankari.ak0208, netdev
On Sun, May 18, 2025 at 10:53:29PM +0300, goralbaris wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory.
> Link: https://github.com/KSPP/linux/issues/90
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
>
> Signed-off-by: goralbaris <goralbaris@gmail.com>
There should be your full name, not nick.
Feel free to add my RB tag
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> --
> 2.34.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v4 net-next: rds] replace strncpy with strscpy_pad
2025-05-19 7:01 ` Michal Swiatkowski
@ 2025-05-19 12:51 ` Baris Can Goral
2025-05-19 21:15 ` Allison Henderson
0 siblings, 1 reply; 6+ messages in thread
From: Baris Can Goral @ 2025-05-19 12:51 UTC (permalink / raw)
To: michal.swiatkowski
Cc: allison.henderson, davem, edumazet, goralbaris, horms, kuba,
linux-rdma, netdev, pabeni, shankari.ak0208, skhan
The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory.
Link: https://github.com/KSPP/linux/issues/90
In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.
Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
net/rds/connection.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
- strncpy(cinfo->transport, conn->c_trans->t_name,
- sizeof(cinfo->transport));
+ strscpy_pad(cinfo->transport, conn->c_trans->t_name);
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
- strncpy(cinfo6->transport, conn->c_trans->t_name,
- sizeof(cinfo6->transport));
+ strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v4 net-next: rds] replace strncpy with strscpy_pad
2025-05-19 12:51 ` [PATCH v4 " Baris Can Goral
@ 2025-05-19 21:15 ` Allison Henderson
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
0 siblings, 1 reply; 6+ messages in thread
From: Allison Henderson @ 2025-05-19 21:15 UTC (permalink / raw)
To: michal.swiatkowski@linux.intel.com, goralbaris@gmail.com
Cc: linux-rdma@vger.kernel.org, davem@davemloft.net,
shankari.ak0208@gmail.com, pabeni@redhat.com, horms@kernel.org,
edumazet@google.com, kuba@kernel.org, skhan@linuxfoundation.org,
netdev@vger.kernel.org
On Mon, 2025-05-19 at 15:51 +0300, Baris Can Goral wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory.
It looks like we lost the last part of this phrase? I think you meant to quote the link: "...potential memory content
exposures, unbounded reads, or crashes."
Other than that I think it looks ok. Thanks!
Allison
> Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!Ja5aVj9u5vDpeBsiMWIGFvGhVzCbcj-gUOS9qIbQ_QDVAy_GU9E4yl_yCjzYJ61uEfuo368zv8bY5vsmB9yxR-7h$
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
>
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-19 21:15 ` Allison Henderson
@ 2025-05-20 16:23 ` Baris Can Goral
2025-05-20 21:13 ` Zhu Yanjun
0 siblings, 1 reply; 6+ messages in thread
From: Baris Can Goral @ 2025-05-20 16:23 UTC (permalink / raw)
To: allison.henderson
Cc: davem, edumazet, goralbaris, horms, kuba, linux-rdma,
michal.swiatkowski, netdev, pabeni, shankari.ak0208, skhan
The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes.
Link: https://github.com/KSPP/linux/issues/90
In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.
Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
net/rds/connection.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
- strncpy(cinfo->transport, conn->c_trans->t_name,
- sizeof(cinfo->transport));
+ strscpy_pad(cinfo->transport, conn->c_trans->t_name);
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
- strncpy(cinfo6->transport, conn->c_trans->t_name,
- sizeof(cinfo6->transport));
+ strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
@ 2025-05-20 21:13 ` Zhu Yanjun
0 siblings, 0 replies; 6+ messages in thread
From: Zhu Yanjun @ 2025-05-20 21:13 UTC (permalink / raw)
To: Baris Can Goral, allison.henderson
Cc: davem, edumazet, horms, kuba, linux-rdma, michal.swiatkowski,
netdev, pabeni, shankari.ak0208, skhan
在 2025/5/20 18:23, Baris Can Goral 写道:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory
> content exposures, unbounded reads, or crashes.
> Link: https://github.com/KSPP/linux/issues/90
>
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
Please don't reply to an old thread when starting a new version.
It is better to start a new thread with the new version.
Zhu Yanjun
>
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
> net/rds/connection.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo->laddr = conn->c_laddr.s6_addr32[3];
> cinfo->faddr = conn->c_faddr.s6_addr32[3];
> cinfo->tos = conn->c_tos;
> - strncpy(cinfo->transport, conn->c_trans->t_name,
> - sizeof(cinfo->transport));
> + strscpy_pad(cinfo->transport, conn->c_trans->t_name);
> cinfo->flags = 0;
>
> rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
> cinfo6->next_rx_seq = cp->cp_next_rx_seq;
> cinfo6->laddr = conn->c_laddr;
> cinfo6->faddr = conn->c_faddr;
> - strncpy(cinfo6->transport, conn->c_trans->t_name,
> - sizeof(cinfo6->transport));
> + strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
> cinfo6->flags = 0;
>
> rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-05-20 21:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20250518090020.GA366906@horms.kernel.org>
2025-05-18 19:53 ` [PATCH v3 net-next: rds] replace strncpy with strscpy_pad goralbaris
2025-05-19 7:01 ` Michal Swiatkowski
2025-05-19 12:51 ` [PATCH v4 " Baris Can Goral
2025-05-19 21:15 ` Allison Henderson
2025-05-20 16:23 ` [PATCH v5 " Baris Can Goral
2025-05-20 21:13 ` Zhu Yanjun
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).