diff options
author | Justin Stitt <justinstitt@google.com> | 2023-08-03 21:33:44 +0000 |
---|---|---|
committer | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2023-08-05 19:55:10 +0900 |
commit | 7b9ef666f27afde43c047de2be2985b68ad9febe (patch) | |
tree | 49ac8418ca57c382016e79917c4a1f53987c1a25 | |
parent | a959dbd98d1aeb51dec1cc7e5ada5d84ce16cbbc (diff) | |
download | lwn-7b9ef666f27afde43c047de2be2985b68ad9febe.tar.gz lwn-7b9ef666f27afde43c047de2be2985b68ad9febe.zip |
tomoyo: refactor deprecated strncpy
`strncpy` is deprecated for use on NUL-terminated destination strings [1].
A suitable replacement is `strscpy` [2] due to the fact that it
guarantees NUL-termination on its destination buffer argument which is
_not_ the case for `strncpy`!
It should be noted that the destination buffer is zero-initialized and
had a max length of `sizeof(dest) - 1`. There is likely _not_ a bug
present in the current implementation. However, by switching to
`strscpy` we get the benefit of no longer needing the `- 1`'s from the
string copy invocations on top of `strscpy` being a safer interface all
together.
[1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[2]: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-rw-r--r-- | security/tomoyo/domain.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index ac20c0bdff9d..90b53500a236 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -784,13 +784,12 @@ retry: if (!strcmp(domainname, "parent")) { char *cp; - strncpy(ee->tmp, old_domain->domainname->name, - TOMOYO_EXEC_TMPSIZE - 1); + strscpy(ee->tmp, old_domain->domainname->name, TOMOYO_EXEC_TMPSIZE); cp = strrchr(ee->tmp, ' '); if (cp) *cp = '\0'; } else if (*domainname == '<') - strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1); + strscpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE); else snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", old_domain->domainname->name, domainname); |