[PATCH v3 net-next: rds] replace strncpy with strscpy

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v3 net-next: rds] replace strncpy with strscpy_pad
       [not found] <20250518090020.GA366906@horms.kernel.org>
@ 2025-05-18 19:53 ` goralbaris
  2025-05-19  7:01   ` Michal Swiatkowski
  0 siblings, 1 reply; 6+ messages in thread
From: goralbaris @ 2025-05-18 19:53 UTC (permalink / raw)
  To: horms
  Cc: allison.henderson, davem, edumazet, goralbaris, kuba, linux-rdma,
	pabeni, skhan, shankari.ak0208, netdev

The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory.
Link: https://github.com/KSPP/linux/issues/90

In addition, strscpy_pad is more appropriate because it also zero-fills 
any remaining space in the destination if the source is shorter than 
the provided buffer size.

Signed-off-by: goralbaris <goralbaris@gmail.com>
---
 net/rds/connection.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo->laddr = conn->c_laddr.s6_addr32[3];
 	cinfo->faddr = conn->c_faddr.s6_addr32[3];
 	cinfo->tos = conn->c_tos;
-	strncpy(cinfo->transport, conn->c_trans->t_name,
-		sizeof(cinfo->transport));
+	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
 	cinfo->flags = 0;
 
 	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
 	cinfo6->laddr = conn->c_laddr;
 	cinfo6->faddr = conn->c_faddr;
-	strncpy(cinfo6->transport, conn->c_trans->t_name,
-		sizeof(cinfo6->transport));
+	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
 	cinfo6->flags = 0;
 
 	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 net-next: rds] replace strncpy with strscpy_pad
  2025-05-18 19:53 ` [PATCH v3 net-next: rds] replace strncpy with strscpy_pad goralbaris
@ 2025-05-19  7:01   ` Michal Swiatkowski
  2025-05-19 12:51     ` [PATCH v4 " Baris Can Goral
  0 siblings, 1 reply; 6+ messages in thread
From: Michal Swiatkowski @ 2025-05-19  7:01 UTC (permalink / raw)
  To: goralbaris
  Cc: horms, allison.henderson, davem, edumazet, kuba, linux-rdma,
	pabeni, skhan, shankari.ak0208, netdev

On Sun, May 18, 2025 at 10:53:29PM +0300, goralbaris wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory.
> Link: https://github.com/KSPP/linux/issues/90
> 
> In addition, strscpy_pad is more appropriate because it also zero-fills 
> any remaining space in the destination if the source is shorter than 
> the provided buffer size.
> 
> Signed-off-by: goralbaris <goralbaris@gmail.com>

There should be your full name, not nick.

Feel free to add my RB tag
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>

> ---
>  net/rds/connection.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>  	cinfo->laddr = conn->c_laddr.s6_addr32[3];
>  	cinfo->faddr = conn->c_faddr.s6_addr32[3];
>  	cinfo->tos = conn->c_tos;
> -	strncpy(cinfo->transport, conn->c_trans->t_name,
> -		sizeof(cinfo->transport));
> +	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
>  	cinfo->flags = 0;
>  
>  	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>  	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
>  	cinfo6->laddr = conn->c_laddr;
>  	cinfo6->faddr = conn->c_faddr;
> -	strncpy(cinfo6->transport, conn->c_trans->t_name,
> -		sizeof(cinfo6->transport));
> +	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
>  	cinfo6->flags = 0;
>  
>  	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> -- 
> 2.34.1

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v4 net-next: rds] replace strncpy with strscpy_pad
  2025-05-19  7:01   ` Michal Swiatkowski
@ 2025-05-19 12:51     ` Baris Can Goral
  2025-05-19 21:15       ` Allison Henderson
  0 siblings, 1 reply; 6+ messages in thread
From: Baris Can Goral @ 2025-05-19 12:51 UTC (permalink / raw)
  To: michal.swiatkowski
  Cc: allison.henderson, davem, edumazet, goralbaris, horms, kuba,
	linux-rdma, netdev, pabeni, shankari.ak0208, skhan

The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory.
Link: https://github.com/KSPP/linux/issues/90

In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.

Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
 net/rds/connection.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo->laddr = conn->c_laddr.s6_addr32[3];
 	cinfo->faddr = conn->c_faddr.s6_addr32[3];
 	cinfo->tos = conn->c_tos;
-	strncpy(cinfo->transport, conn->c_trans->t_name,
-		sizeof(cinfo->transport));
+	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
 	cinfo->flags = 0;
 
 	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
 	cinfo6->laddr = conn->c_laddr;
 	cinfo6->faddr = conn->c_faddr;
-	strncpy(cinfo6->transport, conn->c_trans->t_name,
-		sizeof(cinfo6->transport));
+	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
 	cinfo6->flags = 0;
 
 	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v4 net-next: rds] replace strncpy with strscpy_pad
  2025-05-19 12:51     ` [PATCH v4 " Baris Can Goral
@ 2025-05-19 21:15       ` Allison Henderson
  2025-05-20 16:23         ` [PATCH v5 " Baris Can Goral
  0 siblings, 1 reply; 6+ messages in thread
From: Allison Henderson @ 2025-05-19 21:15 UTC (permalink / raw)
  To: michal.swiatkowski@linux.intel.com, goralbaris@gmail.com
  Cc: linux-rdma@vger.kernel.org, davem@davemloft.net,
	shankari.ak0208@gmail.com, pabeni@redhat.com, horms@kernel.org,
	edumazet@google.com, kuba@kernel.org, skhan@linuxfoundation.org,
	netdev@vger.kernel.org

On Mon, 2025-05-19 at 15:51 +0300, Baris Can Goral wrote:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory.
It looks like we lost the last part of this phrase? I think you meant to quote the link: "...potential memory content
exposures, unbounded reads, or crashes."

Other than that I think it looks ok.  Thanks!
Allison

> Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!Ja5aVj9u5vDpeBsiMWIGFvGhVzCbcj-gUOS9qIbQ_QDVAy_GU9E4yl_yCjzYJ61uEfuo368zv8bY5vsmB9yxR-7h$ 
> 
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.
> 
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
>  net/rds/connection.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>  	cinfo->laddr = conn->c_laddr.s6_addr32[3];
>  	cinfo->faddr = conn->c_faddr.s6_addr32[3];
>  	cinfo->tos = conn->c_tos;
> -	strncpy(cinfo->transport, conn->c_trans->t_name,
> -		sizeof(cinfo->transport));
> +	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
>  	cinfo->flags = 0;
>  
>  	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>  	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
>  	cinfo6->laddr = conn->c_laddr;
>  	cinfo6->faddr = conn->c_faddr;
> -	strncpy(cinfo6->transport, conn->c_trans->t_name,
> -		sizeof(cinfo6->transport));
> +	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
>  	cinfo6->flags = 0;
>  
>  	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
  2025-05-19 21:15       ` Allison Henderson
@ 2025-05-20 16:23         ` Baris Can Goral
  2025-05-20 21:13           ` Zhu Yanjun
  0 siblings, 1 reply; 6+ messages in thread
From: Baris Can Goral @ 2025-05-20 16:23 UTC (permalink / raw)
  To: allison.henderson
  Cc: davem, edumazet, goralbaris, horms, kuba, linux-rdma,
	michal.swiatkowski, netdev, pabeni, shankari.ak0208, skhan

The strncpy() function is actively dangerous to use since it may not
NULL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes.
Link: https://github.com/KSPP/linux/issues/90

In addition, strscpy_pad is more appropriate because it also zero-fills
any remaining space in the destination if the source is shorter than
the provided buffer size.

Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
---
 net/rds/connection.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/rds/connection.c b/net/rds/connection.c
index c749c5525b40..d62f486ab29f 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo->laddr = conn->c_laddr.s6_addr32[3];
 	cinfo->faddr = conn->c_faddr.s6_addr32[3];
 	cinfo->tos = conn->c_tos;
-	strncpy(cinfo->transport, conn->c_trans->t_name,
-		sizeof(cinfo->transport));
+	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
 	cinfo->flags = 0;
 
 	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
@@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
 	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
 	cinfo6->laddr = conn->c_laddr;
 	cinfo6->faddr = conn->c_faddr;
-	strncpy(cinfo6->transport, conn->c_trans->t_name,
-		sizeof(cinfo6->transport));
+	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
 	cinfo6->flags = 0;
 
 	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v5 net-next: rds] replace strncpy with strscpy_pad
  2025-05-20 16:23         ` [PATCH v5 " Baris Can Goral
@ 2025-05-20 21:13           ` Zhu Yanjun
  0 siblings, 0 replies; 6+ messages in thread
From: Zhu Yanjun @ 2025-05-20 21:13 UTC (permalink / raw)
  To: Baris Can Goral, allison.henderson
  Cc: davem, edumazet, horms, kuba, linux-rdma, michal.swiatkowski,
	netdev, pabeni, shankari.ak0208, skhan

在 2025/5/20 18:23, Baris Can Goral 写道:
> The strncpy() function is actively dangerous to use since it may not
> NULL-terminate the destination string, resulting in potential memory
> content exposures, unbounded reads, or crashes.
> Link: https://github.com/KSPP/linux/issues/90
> 
> In addition, strscpy_pad is more appropriate because it also zero-fills
> any remaining space in the destination if the source is shorter than
> the provided buffer size.

Please don't reply to an old thread when starting a new version.

It is better to start a new thread with the new version.

Zhu Yanjun
> 
> Signed-off-by: Baris Can Goral <goralbaris@gmail.com>
> ---
>   net/rds/connection.c | 6 ++----
>   1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/net/rds/connection.c b/net/rds/connection.c
> index c749c5525b40..d62f486ab29f 100644
> --- a/net/rds/connection.c
> +++ b/net/rds/connection.c
> @@ -749,8 +749,7 @@ static int rds_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>   	cinfo->laddr = conn->c_laddr.s6_addr32[3];
>   	cinfo->faddr = conn->c_faddr.s6_addr32[3];
>   	cinfo->tos = conn->c_tos;
> -	strncpy(cinfo->transport, conn->c_trans->t_name,
> -		sizeof(cinfo->transport));
> +	strscpy_pad(cinfo->transport, conn->c_trans->t_name);
>   	cinfo->flags = 0;
>   
>   	rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
> @@ -775,8 +774,7 @@ static int rds6_conn_info_visitor(struct rds_conn_path *cp, void *buffer)
>   	cinfo6->next_rx_seq = cp->cp_next_rx_seq;
>   	cinfo6->laddr = conn->c_laddr;
>   	cinfo6->faddr = conn->c_faddr;
> -	strncpy(cinfo6->transport, conn->c_trans->t_name,
> -		sizeof(cinfo6->transport));
> +	strscpy_pad(cinfo6->transport, conn->c_trans->t_name);
>   	cinfo6->flags = 0;
>   
>   	rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2025-05-20 21:14 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20250518090020.GA366906@horms.kernel.org>
2025-05-18 19:53 ` [PATCH v3 net-next: rds] replace strncpy with strscpy_pad goralbaris
2025-05-19  7:01   ` Michal Swiatkowski
2025-05-19 12:51     ` [PATCH v4 " Baris Can Goral
2025-05-19 21:15       ` Allison Henderson
2025-05-20 16:23         ` [PATCH v5 " Baris Can Goral
2025-05-20 21:13           ` Zhu Yanjun

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).