Re: [PATCH] block: fix buf size for strscpy()
From: James Bottomley
Date: Fri May 03 2024 - 08:37:09 EST
On Fri, 2024-05-03 at 15:48 +0800, David Yang wrote:
> strscpy() takes the total size of destination buffer as the argument,
> including the space for the terminating null character.
>
> The actual length of the buffer should be len(str) + 1, which can be
> seen from the indexes where null characters are written in the code
> before the commit in question, and 'sizeof(buf) - 1' right above
> the problematic codes.
>
> Without the additional 1 size and the absence of checkes against -
> E2BIG, strscpy() will angrily eat the last character of the source
> string. In my situation, strscpy() will take away one character
> before the comma "," (which is presumably the right bracket ")") in
> parse_parts(), making parse_subpart() unable to 'strchr(++partdef,
> ')')' and producing the following error message:
>
> cmdline partition format is invalid.
This is the same problem we brought up with the strscpy conversions in
scsi:
https://lore.kernel.org/all/784db8a20a3ddeb6c0498f2b31719e5198da6581.camel@xxxxxxxxxxxxxxxxxxxxx/
strscpy doesn't correctly replace a function of strncpy we used to get
a zero termination for a possibly unterminated string with a
destination that's one byte larger than the source. The current
proposed fix is this one:
https://lore.kernel.org/all/20240410021833.work.750-kees@xxxxxxxxxx/
James