mirror of
https://github.com/torvalds/linux.git
synced 2026-05-12 16:18:45 +02:00
8aae2da610
Replace the deprecated[1] strncpy() with strnlen() on the source followed by memcpy_and_pad(). This function is a chunk callback for UML's strncpy_from_user() implementation, called by buffer_op() to process userspace memory one page at a time. The source is a kernel-mapped userspace address that is not guaranteed to be NUL-terminated; "len" bounds how many bytes to read from it. By measuring the source string length first with strnlen(), we avoid reading past the NUL terminator in the source. memcpy_and_pad() then copies the string content and zero-fills the remainder of the chunk, preserving the original strncpy() behavior exactly: copy up to the first NUL, then pad with zeros to the full length. strtomem_pad() would be the idiomatic helper for this strnlen() + memcpy_and_pad() pattern, but it requires a compile-time-determinable destination size (via ARRAY_SIZE()). Here the destination is a char * into a caller-provided buffer and the chunk length is a runtime value, so the explicit two-step is necessary. No behavioral change: the same bytes are written to the destination (string content followed by zero padding), the pointer advances by the same amount, and the NUL-found return condition is unchanged. Link: https://github.com/KSPP/linux/issues/90 [1] Signed-off-by: Kees Cook <kees@kernel.org> Link: https://patch.msgid.link/20260323171713.work.839-kees@kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Makefile | ||
| mmu.c | ||
| process.c | ||
| stub_exe_embed.S | ||
| stub_exe.c | ||
| stub.c | ||
| syscall.c | ||
| uaccess.c | ||