clocksource: Replace all non-returning strlcpy with strscpy

azeemshaikh38 · kees · commit 76edc27eda06 · 2023-06-01T11:24:50.000-07:00
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] KSPP#89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Acked-by: John Stultz <jstultz@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230530163546.986188-1-azeemshaikh38@gmail.com
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
@@ -1480,7 +1480,7 @@ static int __init boot_override_clocksource(char* str)
 {
 	mutex_lock(&clocksource_mutex);
 	if (str)
-		strlcpy(override_name, str, sizeof(override_name));
+		strscpy(override_name, str, sizeof(override_name));
 	mutex_unlock(&clocksource_mutex);
 	return 1;
 }

Original file line number	Diff line number	Diff line change
`@@ -1480,7 +1480,7 @@ static int __init boot_override_clocksource(char* str)`
`1480`	`1480`	`{`
`1481`	`1481`	`mutex_lock(&clocksource_mutex);`
`1482`	`1482`	`if (str)`
`1483`		`- strlcpy(override_name, str, sizeof(override_name));`
	`1483`	`+ strscpy(override_name, str, sizeof(override_name));`
`1484`	`1484`	`mutex_unlock(&clocksource_mutex);`
`1485`	`1485`	`return 1;`
`1486`	`1486`	`}`