Re: [PATCH v3] drivers/edac/edac_mc: Remove all strcpy() uses
From: Joe Perches <joe@perches.com>
Date: 2021-08-07 17:09:55
Also in:
linux-hardening, lkml
On Sat, 2021-08-07 at 17:59 +0200, Len Baker wrote:
strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. The safe replacement is strscpy().
Probably better to change the commit subject to something like what is generally used by the subsystem. Maybe: EDAC/mc: Convert strcpy to strscpy or EDAC/mc: Prefer strscpy over strcpy and also:
quoted hunk ↗ jump to hunk
diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
[]
quoted hunk ↗ jump to hunk
@@ -1113,11 +1115,11 @@ void edac_mc_handle_error(const enum hw_event_mc_err_type type,p = e->label; *p = '\0'; } else { - if (p != e->label) { - strcpy(p, OTHER_LABEL); - p += strlen(OTHER_LABEL); - } - strcpy(p, dimm->label); + const char *text = (p != e->label) ? OTHER_LABEL : + dimm->label; + + strscpy(p, text, len); + len -= strlen(p); p += strlen(p);
Perhaps this should use scnprintf rather than strscpy Something like: n += scnprintf(buf + n, len - n, "%s", p == e->label ? dim->label : OTHER_LABEL);