Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()

From: Joe Perches
Date: Mon Aug 02 2021 - 14:57:50 EST

Next message: Sandeep Patil: "Re: [PATCH 1/1] fs: pipe: wakeup readers everytime new data written is to pipe"
Previous message: Dmitry Osipenko: "[PATCH v1] ASoC: rt5640: Silence warning message about missing interrupt"
In reply to: Kees Cook: "Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()"
Next in thread: Len Baker: "Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2021-08-02 at 09:13 -0700, Kees Cook wrote:
> I'm wondering, instead, if we could convert strcpy() into this instead
> of adding another API? I.e. convert all the places that warn (if this
> were strcpy), and then land the conversion.

Perhaps not as strcpy is a builtin.

It might be easier as a cocci script. Something like:

@@
char [] dest;
constant char [] src;
@@

* strcpy(dest, src)

There are some additional test that needs to be added so that
only length(src) > length(dest) is reported.

Next message: Sandeep Patil: "Re: [PATCH 1/1] fs: pipe: wakeup readers everytime new data written is to pipe"
Previous message: Dmitry Osipenko: "[PATCH v1] ASoC: rt5640: Silence warning message about missing interrupt"
In reply to: Kees Cook: "Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()"
Next in thread: Len Baker: "Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]