Am 17.11.23 um 19:50 schrieb T.J. Mercier:
On Thu, Nov 16, 2023 at 11:14 AM Kees Cook keescook@chromium.org wrote:
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated[1]. Additionally, it returns the size of the source string, not the resulting size of the destination string. In an effort to remove strlcpy() completely[2], replace strlcpy() here with strscpy().
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [1] Link: https://github.com/KSPP/linux/issues/89 [2] Cc: Sumit Semwal sumit.semwal@linaro.org Cc: "Christian König" christian.koenig@amd.com Cc: Azeem Shaikh azeemshaikh38@gmail.com Cc: linux-media@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Cc: linaro-mm-sig@lists.linaro.org Signed-off-by: Kees Cook keescook@chromium.org
Reviewed-by: T.J. Mercier tjmercier@google.com
strscpy returns -E2BIG when it truncates / force null-terminates which would provide the wrong argument for dynamic_dname, but dma_buf_set_name{_user} makes sure we have a null-terminated string of the appropriate maximum size in dmabuf->name.
Thanks for that background check, I was about to note that this might not be a good idea.
Linus pretty clearly stated that he doesn't want to see patches like that one here, see this article as well. https://lwn.net/Articles/659214/
I think the commit message gives enough reason to merge the patch, so I'm going to push it to drm-misc-next. But please make sure to triple check stuff like this before sending.
Thanks, Christian.