On Wed, Jun 14, 2023 at 10:01:57AM -0400, Azeem Shaikh wrote:

On Tue, Jun 13, 2023 at 3:27 PM Kees Cook [off-list ref] wrote:

quoted

On Tue, Jun 13, 2023 at 12:41:25AM +0000, Azeem Shaikh wrote:

quoted

strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().

Direct replacement is safe here since return value of -E2BIG
is used to check for truncation instead of sizeof(dest).

This looks technically correct, but I wonder if "< 0" is a better test?

Agreed. "< 0" might more generically represent -errno. Happy to send
over a v2 if you prefer that instead of sticking with this patch.

Please go with "< 0", since it's easier to read and less error-prone.  (It would
be easy to mistype -E2BIG as -EFBIG, or E2BIG, for example...)

- Eric