Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <201907030912.30942E2FF@keescook>
Date: Wed, 3 Jul 2019 09:49:02 -0700
From: Kees Cook <keescook@...omium.org>
To: Nitin Gote <nitin.r.gote@...el.com>
Cc: jannh@...gle.com, kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v2] checkpatch: Added warnings in favor of strscpy().

On Wed, Jul 03, 2019 at 11:50:14AM +0530, Nitin Gote wrote:
> Added warnings in checkpatch.pl script to :
> 
> 1. Deprecate strcpy() in favor of strscpy().
> 2. Deprecate strlcpy() in favor of strscpy().
> 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad().
> 
> Updated strncpy() section in Documentation/process/deprecated.rst
> to cover strscpy_pad() case.
> 
> Signed-off-by: Nitin Gote <nitin.r.gote@...el.com>

Acked-by: Kees Cook <keescook@...omium.org>

This looks good. I think you're ready for sending this upstream. Please
see:
https://www.kernel.org/doc/html/latest/process/submitting-patches.html

The To: should likely be:
	Andrew Morton <akpm@...ux-foundation.org>
and I recommend CC to:
	Jonathan Corbet <corbet@....net>
	Andy Whitcroft <apw@...onical.com>
	Joe Perches <joe@...ches.com>
	linux-doc@...r.kernel.org
	linux-kernel@...r.kernel.org
	kernel-hardening@...ts.openwall.com

Thanks!

-Kees

> ---
>  Documentation/process/deprecated.rst | 6 +++---
>  scripts/checkpatch.pl                | 4 ++++
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> index 49e0f64..f564de3 100644
> --- a/Documentation/process/deprecated.rst
> +++ b/Documentation/process/deprecated.rst
> @@ -93,9 +93,9 @@ will be NUL terminated. This can lead to various linear read overflows
>  and other misbehavior due to the missing termination. It also NUL-pads the
>  destination buffer if the source contents are shorter than the destination
>  buffer size, which may be a needless performance penalty for callers using
> -only NUL-terminated strings. The safe replacement is :c:func:`strscpy`.
> -(Users of :c:func:`strscpy` still needing NUL-padding will need an
> -explicit :c:func:`memset` added.)
> +only NUL-terminated strings. In this case, the safe replacement is
> +:c:func:`strscpy`. If, however, the destination buffer still needs
> +NUL-padding, the safe replacement is :c:func:`strscpy_pad`.
> 
>  If a caller is using non-NUL-terminated strings, :c:func:`strncpy()` can
>  still be used, but destinations should be marked with the `__nonstring
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 342c7c7..2ce2340 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -595,6 +595,10 @@ our %deprecated_apis = (
> 	"rcu_barrier_sched"			=> "rcu_barrier",
> 	"get_state_synchronize_sched"		=> "get_state_synchronize_rcu",
> 	"cond_synchronize_sched"		=> "cond_synchronize_rcu",
> +	"strcpy"				=> "strscpy",
> +	"strlcpy"				=> "strscpy",
> +	"strncpy"				=> "strscpy, strscpy_pad or for non-NUL-terminated strings,
> +	 strncpy() can still be used, but destinations should be marked with the __nonstring",
>  );
> 
>  #Create a search pattern for all these strings to speed up a loop below
> --
> 2.7.4

-- 
Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.