Skip to content

Commit 38638ff

Browse files
azeemshaikh38rostedt
azeemshaikh38
authored and
rostedt
committed
tracing/boot: Replace strlcpy with strscpy
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). Direct replacement is safe here since return value of -E2BIG is used to check for truncation instead of sizeof(dest). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] KSPP#89 Link: https://lore.kernel.org/linux-trace-kernel/[email protected] Cc: Masami Hiramatsu <[email protected]> Signed-off-by: Azeem Shaikh <[email protected]> Reviewed-by: Kees Cook <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
1 parent e88ed22 commit 38638ff

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

kernel/trace/trace_boot.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ trace_boot_set_instance_options(struct trace_array *tr, struct xbc_node *node)
3131

3232
/* Common ftrace options */
3333
xbc_node_for_each_array_value(node, "options", anode, p) {
34-
if (strlcpy(buf, p, ARRAY_SIZE(buf)) >= ARRAY_SIZE(buf)) {
34+
if (strscpy(buf, p, ARRAY_SIZE(buf)) == -E2BIG) {
3535
pr_err("String is too long: %s\n", p);
3636
continue;
3737
}
@@ -87,7 +87,7 @@ trace_boot_enable_events(struct trace_array *tr, struct xbc_node *node)
8787
const char *p;
8888

8989
xbc_node_for_each_array_value(node, "events", anode, p) {
90-
if (strlcpy(buf, p, ARRAY_SIZE(buf)) >= ARRAY_SIZE(buf)) {
90+
if (strscpy(buf, p, ARRAY_SIZE(buf)) == -E2BIG) {
9191
pr_err("String is too long: %s\n", p);
9292
continue;
9393
}
@@ -486,15 +486,15 @@ trace_boot_init_one_event(struct trace_array *tr, struct xbc_node *gnode,
486486

487487
p = xbc_node_find_value(enode, "filter", NULL);
488488
if (p && *p != '\0') {
489-
if (strlcpy(buf, p, ARRAY_SIZE(buf)) >= ARRAY_SIZE(buf))
489+
if (strscpy(buf, p, ARRAY_SIZE(buf)) == -E2BIG)
490490
pr_err("filter string is too long: %s\n", p);
491491
else if (apply_event_filter(file, buf) < 0)
492492
pr_err("Failed to apply filter: %s\n", buf);
493493
}
494494

495495
if (IS_ENABLED(CONFIG_HIST_TRIGGERS)) {
496496
xbc_node_for_each_array_value(enode, "actions", anode, p) {
497-
if (strlcpy(buf, p, ARRAY_SIZE(buf)) >= ARRAY_SIZE(buf))
497+
if (strscpy(buf, p, ARRAY_SIZE(buf)) == -E2BIG)
498498
pr_err("action string is too long: %s\n", p);
499499
else if (trigger_process_regex(file, buf) < 0)
500500
pr_err("Failed to apply an action: %s\n", p);

0 commit comments

Comments
 (0)