| Message ID | 20250405143646.10722-1-goralbaris@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v4] scsi: target: transform strncpy into strscpy | expand |
On Sat Apr 5, 2025 at 4:36 PM CEST, Baris Can Goral wrote: > The strncpy() function is actively dangerous to use since it may not > NULL-terminate the destination string,resulting in potential memory > content exposures, unbounded reads, or crashes. > > Link:https://github.com/KSPP/linux/issues/90 > Signed-off-by: Baris Can Goral <goralbaris@gmail.com> > --- > Changes from v4: > -Description added > -User name corrected > -formatting issues. > -commit name changed > drivers/target/target_core_configfs.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c > index c40217f44b1b..5c0b74e76be2 100644 > --- a/drivers/target/target_core_configfs.c > +++ b/drivers/target/target_core_configfs.c > @@ -143,7 +143,7 @@ static ssize_t target_core_item_dbroot_store(struct config_item *item, > } > filp_close(fp, NULL); > > - strncpy(db_root, db_root_stage, read_bytes); > + strscpy(db_root, db_root_stage, read_bytes); > pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root); > > r = read_bytes; > @@ -3664,7 +3664,7 @@ static void target_init_dbroot(void) > } > filp_close(fp, NULL); > > - strncpy(db_root, db_root_stage, DB_ROOT_LEN); > + strscpy(db_root, db_root_stage, DB_ROOT_LEN); > pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root); > } > This patch doesn't apply anymore. strncpy() has already been replaced with strscpy() in version 6.14-rc2. Maurizio
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index c40217f44b1b..5c0b74e76be2 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -143,7 +143,7 @@ static ssize_t target_core_item_dbroot_store(struct config_item *item, } filp_close(fp, NULL); - strncpy(db_root, db_root_stage, read_bytes); + strscpy(db_root, db_root_stage, read_bytes); pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root); r = read_bytes; @@ -3664,7 +3664,7 @@ static void target_init_dbroot(void) } filp_close(fp, NULL); - strncpy(db_root, db_root_stage, DB_ROOT_LEN); + strscpy(db_root, db_root_stage, DB_ROOT_LEN); pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root); }
The strncpy() function is actively dangerous to use since it may not NULL-terminate the destination string,resulting in potential memory content exposures, unbounded reads, or crashes. Link:https://github.com/KSPP/linux/issues/90 Signed-off-by: Baris Can Goral <goralbaris@gmail.com> --- Changes from v4: -Description added -User name corrected -formatting issues. -commit name changed drivers/target/target_core_configfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)