Hi

On Thu, Nov 15, 2018 at 12:09 AM Kees Cook [off-list ref] wrote:

On Wed, Nov 14, 2018 at 9:40 AM, Laura Abbott [off-list ref] wrote:

[...]

quoted

Can we switch to strscpy instead? This will quiet gcc and avoid the
issues with strlcpy.

Yes please: it looks like these strings are expected to be NUL
terminated, so strscpy() without the "- 1" and min() logic would be
the correct solution here.

"the correct solution"? To my knowledge the original code was correct
as well. Am I missing something?

                           If @hid is already zero, then this would
just be:

       strscpy(hid->name, ev->u.create2.name, sizeof(hid->name));
       strscpy(hid->phys, ev->u.create2.phys, sizeof(hid->phys));
       strscpy(hid->uniq, ev->u.create2.uniq, sizeof(hid->uniq));

If they are NOT NUL terminated, then keep using strncpy() but mark the
fields in the struct with the __nonstring attribute.

They are supposed to be NUL terminated, but for compatibility reasons
we allow them to be not. So I don't think your proposal is safe.

Thanks
David