On Thu, Mar 20, 2025 at 05:56:44PM +0100, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers; use > strscpy() instead. Since kzalloc() already zeroes out the destination > buffer, the potential NUL-padding by strncpy() is unnecessary. strscpy() > copies only the required characters and guarantees NUL-termination.
Looks right to me; thanks for the details! > > Since the destination buffer has a fixed length, strscpy() automatically > determines its size using sizeof() when the argument is omitted. This > makes an explicit sizeof() call unnecessary. > > The source string is also NUL-terminated and meets the __must_be_cstr() > requirement of strscpy(). > > No functional changes intended. > > Link: https://github.com/KSPP/linux/issues/90 > Cc: [email protected] > Signed-off-by: Thorsten Blum <[email protected]> Reviewed-by: Kees Cook <[email protected]> > --- > drivers/usb/gadget/legacy/inode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/legacy/inode.c > b/drivers/usb/gadget/legacy/inode.c > index b6a30d88a800..fcce84a726f2 100644 > --- a/drivers/usb/gadget/legacy/inode.c > +++ b/drivers/usb/gadget/legacy/inode.c > @@ -1615,7 +1615,7 @@ static int activate_ep_files (struct dev_data *dev) > mutex_init(&data->lock); > init_waitqueue_head (&data->wait); > > - strncpy (data->name, ep->name, sizeof (data->name) - 1); > + strscpy(data->name, ep->name); > refcount_set (&data->count, 1); > data->dev = dev; > get_dev (dev); -- Kees Cook
