Skip to content

Commit

Permalink
scsi: ncr53c8xx: Replace strlcpy() with strscpy()
Browse files Browse the repository at this point in the history 
strlcpy() reads the entire source buffer first.  This read may exceed the
destination size limit.  This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1].  In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().

No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] KSPP#89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230621030033.3800351-2-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
  • Loading branch information
@azeemshaikh38 @martinkpetersen
azeemshaikh38 authored and martinkpetersen committed Jun 22, 2023
1 parent 00c2cae commit d1e8a9f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/scsi/ncr53c8xx.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4555,7 +4555,7 @@ static void ncr_detach(struct ncb *np)
char inst_name[16];

/* Local copy so we don't access np after freeing it! */
strlcpy(inst_name, ncr_name(np), sizeof(inst_name));
strscpy(inst_name, ncr_name(np), sizeof(inst_name));

printk("%s: releasing host resources\n", ncr_name(np));

Expand Down

0 comments on commit d1e8a9f

Please sign in to comment.