init/version.c: Replace strlcpy with strscpy

azeemshaikh38 · kees · commit 8ebab155ea18 · 2023-09-22T09:50:56.000-07:00
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). Direct replacement is safe here since return value of -errno is used to check for truncation instead of sizeof(dest). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] KSPP#89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Reviewed-by: Justin Stitt <justinstitt@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230830160806.3821893-1-azeemshaikh38@gmail.com Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/init/version.c b/init/version.c
@@ -21,10 +21,10 @@ static int __init early_hostname(char *arg)
 {
 	size_t bufsize = sizeof(init_uts_ns.name.nodename);
 	size_t maxlen  = bufsize - 1;
-	size_t arglen;
+	ssize_t arglen;
 
-	arglen = strlcpy(init_uts_ns.name.nodename, arg, bufsize);
-	if (arglen > maxlen) {
+	arglen = strscpy(init_uts_ns.name.nodename, arg, bufsize);
+	if (arglen < 0) {
 		pr_warn("hostname parameter exceeds %zd characters and will be truncated",
 			maxlen);
 	}

Original file line number	Diff line number	Diff line change
`@@ -21,10 +21,10 @@ static int __init early_hostname(char *arg)`
`21`	`21`	`{`
`22`	`22`	`size_t bufsize = sizeof(init_uts_ns.name.nodename);`
`23`	`23`	`size_t maxlen = bufsize - 1;`
`24`		`- size_t arglen;`
	`24`	`+ ssize_t arglen;`
`25`	`25`
`26`		`- arglen = strlcpy(init_uts_ns.name.nodename, arg, bufsize);`
`27`		`- if (arglen > maxlen) {`
	`26`	`+ arglen = strscpy(init_uts_ns.name.nodename, arg, bufsize);`
	`27`	`+ if (arglen < 0) {`
`28`	`28`	`pr_warn("hostname parameter exceeds %zd characters and will be truncated",`
`29`	`29`	`maxlen);`
`30`	`30`	`}`