[PATCH net-next 0/6] replace deprecated strcpy with strscpy

[PATCH net-next 0/6] replace deprecated strcpy with strscpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Hongbo Li (6):
  net: prefer strscpy over strcpy
  net/ipv6: replace deprecated strcpy with strscpy
  net/netrom: prefer strscpy over strcpy
  net/netfilter: replace deprecated strcpy with strscpy
  net/tipc: replace deprecated strcpy with strscpy
  net/ipv4: net: prefer strscpy over strcpy

 net/core/dev.c                  | 2 +-
 net/ipv4/ip_tunnel.c            | 2 +-
 net/ipv4/netfilter/arp_tables.c | 2 +-
 net/ipv4/netfilter/ip_tables.c  | 2 +-
 net/ipv6/ndisc.c                | 2 +-
 net/netfilter/xt_recent.c       | 2 +-
 net/netrom/nr_route.c           | 4 ++--
 net/tipc/bearer.c               | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

-- 
2.34.1

[PATCH net-next 1/6] net: prefer strscpy over strcpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/core/dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 0d0b983a6c21..f5e0a0d801fd 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
 	if (!dev->ethtool)
 		goto free_all;
 
-	strcpy(dev->name, name);
+	strscpy(dev->name, name, sizeof(dev->name));
 	dev->name_assign_type = name_assign_type;
 	dev->group = INIT_NETDEV_GROUP;
 	if (!dev->ethtool_ops)
-- 
2.34.1

[PATCH net-next 2/6] net/ipv6: replace deprecated strcpy with strscpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/ipv6/ndisc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 1e42e40fb379..d231d678dabc 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1944,7 +1944,7 @@ static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
 	static char warncomm[TASK_COMM_LEN];
 	static int warned;
 	if (strcmp(warncomm, current->comm) && warned < 5) {
-		strcpy(warncomm, current->comm);
+		strscpy(warncomm, current->comm, TASK_COMM_LEN);
 		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
 			warncomm, func,
 			dev_name, ctl->procname,
-- 
2.34.1

[PATCH net-next 3/6] net/netrom: prefer strscpy over strcpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/netrom/nr_route.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netrom/nr_route.c b/net/netrom/nr_route.c
index bd2b17b219ae..e4e8c188cbc9 100644
--- a/net/netrom/nr_route.c
+++ b/net/netrom/nr_route.c
@@ -189,7 +189,7 @@ static int __must_check nr_add_node(ax25_address *nr, const char *mnemonic,
 		}
 
 		nr_node->callsign = *nr;
-		strcpy(nr_node->mnemonic, mnemonic);
+		strscpy(nr_node->mnemonic, mnemonic, sizeof(nr_node->mnemonic));
 
 		nr_node->which = 0;
 		nr_node->count = 1;
@@ -214,7 +214,7 @@ static int __must_check nr_add_node(ax25_address *nr, const char *mnemonic,
 	nr_node_lock(nr_node);
 
 	if (quality != 0)
-		strcpy(nr_node->mnemonic, mnemonic);
+		strscpy(nr_node->mnemonic, mnemonic, sizeof(nr_node->mnemonic));
 
 	for (found = 0, i = 0; i < nr_node->count; i++) {
 		if (nr_node->routes[i].neighbour == nr_neigh) {
-- 
2.34.1

[PATCH net-next 4/6] net/netfilter: replace deprecated strcpy with strscpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/netfilter/xt_recent.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 588a5e6ad899..06af3afa1d32 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -400,7 +400,7 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
 	t->nstamps_max_mask = nstamp_mask;
 
 	memcpy(&t->mask, &info->mask, sizeof(t->mask));
-	strcpy(t->name, info->name);
+	strscpy(t->name, info->name, sizeof(t->name));
 	INIT_LIST_HEAD(&t->lru_list);
 	for (i = 0; i < ip_list_hash_size; i++)
 		INIT_LIST_HEAD(&t->iphash[i]);
-- 
2.34.1

[PATCH net-next 5/6] net/tipc: replace deprecated strcpy with strscpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/tipc/bearer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 3c9e25f6a1d2..125a92e6aa3c 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -326,7 +326,7 @@ static int tipc_enable_bearer(struct net *net, const char *name,
 	if (!b)
 		return -ENOMEM;
 
-	strcpy(b->name, name);
+	strscpy(b->name, name, sizeof(b->name));
 	b->media = m;
 	res = m->enable_media(net, b, attr);
 	if (res) {
-- 
2.34.1

[PATCH net-next 6/6] net/ipv4: net: prefer strscpy over strcpy

[Hongbo Li]

The deprecated helper strcpy() performs no bounds checking on the
destination buffer. This could result in linear overflows beyond
the end of the buffer, leading to all kinds of misbehaviors.
The safe replacement is strscpy() [1].

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]

Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
---
 net/ipv4/ip_tunnel.c            | 2 +-
 net/ipv4/netfilter/arp_tables.c | 2 +-
 net/ipv4/netfilter/ip_tables.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 5cffad42fe8c..1c33fcbc0827 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -1326,7 +1326,7 @@ int ip_tunnel_init(struct net_device *dev)
 
 	tunnel->dev = dev;
 	tunnel->net = dev_net(dev);
-	strcpy(tunnel->parms.name, dev->name);
+	strscpy(tunnel->parms.name, dev->name, sizeof(tunnel->parms.name));
 	iph->version		= 4;
 	iph->ihl		= 5;
 
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 14365b20f1c5..2fa6ea78db9e 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -826,7 +826,7 @@ static int get_info(struct net *net, void __user *user, const int *len)
 		       sizeof(info.underflow));
 		info.num_entries = private->number;
 		info.size = private->size;
-		strcpy(info.name, name);
+		strscpy(info.name, name, sizeof(info.name));
 
 		if (copy_to_user(user, &info, *len) != 0)
 			ret = -EFAULT;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index fe89a056eb06..d853070432c6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -981,7 +981,7 @@ static int get_info(struct net *net, void __user *user, const int *len)
 		       sizeof(info.underflow));
 		info.num_entries = private->number;
 		info.size = private->size;
-		strcpy(info.name, name);
+		strscpy(info.name, name, sizeof(info.name));
 
 		if (copy_to_user(user, &info, *len) != 0)
 			ret = -EFAULT;
-- 
2.34.1

Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy

[Dan Carpenter]

On Tue, Aug 27, 2024 at 07:35:22PM +0800, Hongbo Li wrote:
> The deprecated helper strcpy() performs no bounds checking on the
> destination buffer. This could result in linear overflows beyond
> the end of the buffer, leading to all kinds of misbehaviors.
> The safe replacement is strscpy() [1].
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> 
> Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
> ---
>  net/core/dev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 0d0b983a6c21..f5e0a0d801fd 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
>  	if (!dev->ethtool)
>  		goto free_all;
>  
> -	strcpy(dev->name, name);
> +	strscpy(dev->name, name, sizeof(dev->name));

You can just do:

	strscpy(dev->name, name);

I prefer this format because it ensures that dev->name is an array and not a
pointer.  Also shorter.

regards,
dan carpenter

Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy

[Hongbo Li]

On 2024/8/27 20:30, Dan Carpenter wrote:
> On Tue, Aug 27, 2024 at 07:35:22PM +0800, Hongbo Li wrote:
>> The deprecated helper strcpy() performs no bounds checking on the
>> destination buffer. This could result in linear overflows beyond
>> the end of the buffer, leading to all kinds of misbehaviors.
>> The safe replacement is strscpy() [1].
>>
>> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
>>
>> Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
>> ---
>>   net/core/dev.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/core/dev.c b/net/core/dev.c
>> index 0d0b983a6c21..f5e0a0d801fd 100644
>> --- a/net/core/dev.c
>> +++ b/net/core/dev.c
>> @@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
>>   	if (!dev->ethtool)
>>   		goto free_all;
>>   
>> -	strcpy(dev->name, name);
>> +	strscpy(dev->name, name, sizeof(dev->name));
> 
> You can just do:
> 
> 	strscpy(dev->name, name);
> 
> I prefer this format because it ensures that dev->name is an array and not a
> pointer.  Also shorter.
ok, I'll remove the len.(Most of these are an array, not a pointer)

Thanks,
Hongbo

> 
> regards,
> dan carpenter
> 

Re: [PATCH net-next 1/6] net: prefer strscpy over strcpy

[Dan Carpenter]

On Wed, Aug 28, 2024 at 03:43:30PM +0800, Hongbo Li wrote:
> 
> 
> On 2024/8/27 20:30, Dan Carpenter wrote:
> > On Tue, Aug 27, 2024 at 07:35:22PM +0800, Hongbo Li wrote:
> > > The deprecated helper strcpy() performs no bounds checking on the
> > > destination buffer. This could result in linear overflows beyond
> > > the end of the buffer, leading to all kinds of misbehaviors.
> > > The safe replacement is strscpy() [1].
> > > 
> > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> > > 
> > > Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
> > > ---
> > >   net/core/dev.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/net/core/dev.c b/net/core/dev.c
> > > index 0d0b983a6c21..f5e0a0d801fd 100644
> > > --- a/net/core/dev.c
> > > +++ b/net/core/dev.c
> > > @@ -11121,7 +11121,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
> > >   	if (!dev->ethtool)
> > >   		goto free_all;
> > > -	strcpy(dev->name, name);
> > > +	strscpy(dev->name, name, sizeof(dev->name));
> > 
> > You can just do:
> > 
> > 	strscpy(dev->name, name);
> > 
> > I prefer this format because it ensures that dev->name is an array and not a
> > pointer.  Also shorter.
> ok, I'll remove the len.(Most of these are an array, not a pointer)

s/Most/all/.

If it were a pointer that would have been a bug and someone would have
complained already.  :P

regards,
dan carpenter