diff options
| author | Kees Cook <kees@kernel.org> | 2026-03-23 01:27:25 +0000 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2026-06-18 16:39:31 -0700 |
| commit | 079a028d6327e68cfa5d38b36123637b321c19a7 (patch) | |
| tree | d6bed2ef9b0f5969d1105f010d8b4a8804a13f61 /drivers/misc | |
| parent | 58c4ce8cd6cd1fbf1bca2e1d1f42f9e2899fa934 (diff) | |
string: Remove strncpy() from the kernel
strncpy() has been a persistent source of bugs due to its ambiguous
intended usage and frequently counter-intuitive semantics: it may not
NUL-terminate the destination, and it unconditionally zero-pads to the
full length, which isn't always needed. All former callers have been
migrated[1] to:
- strscpy() for NUL-terminated destinations
- strscpy_pad() for NUL-terminated destinations needing zero-padding
- strtomem_pad() for non-NUL-terminated fixed-width fields
- memcpy_and_pad() for bounded copies with explicit padding
- memcpy() for known-length copies
Remove the generic implementation, its declaration, the FORTIFY_SOURCE
wrapper, and associated tests.
Link: https://github.com/KSPP/linux/issues/90 [1]
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'drivers/misc')
| -rw-r--r-- | drivers/misc/lkdtm/fortify.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c index 7615a02dfc47..5e66707e1180 100644 --- a/drivers/misc/lkdtm/fortify.c +++ b/drivers/misc/lkdtm/fortify.c @@ -98,7 +98,7 @@ static void lkdtm_FORTIFY_MEM_MEMBER(void) pr_info("trying to memcpy() past the end of a struct member...\n"); /* - * strncpy(target.a, src, 20); will hit a compile error because the + * memcpy(target.a, src, 20); will hit a compile error because the * compiler knows at build time that target.a < 20 bytes. Use a * volatile to force a runtime error. */ |