[Linux-kernel-mentees] [PATCH] checkpatch: add a new check for strcpy/strlcpy uses

Lukas Bulwahn lukas.bulwahn at gmail.com
Tue Jan 5 08:02:32 UTC 2021


On Mon, Jan 4, 2021 at 2:25 PM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
>
> strcpy() performs no bounds checking on the destination buffer.
> This could result in linear overflows beyond the end of the buffer.
>
> strlcpy() reads the entire source buffer first. This read
> may exceed the destination size limit. This can be both inefficient
> and lead to linear read overflows.
>
> The safe replacement to both of these is to use strscpy() instead.
> Add a new checkpatch warning which alerts the user on finding usage of
> strcpy() or strlcpy().
>
> Signed-off-by: Dwaipayan Ray <dwaipayanray1 at gmail.com>
> ---

I remember Joe has already created a patch for that over Christmas
break; check lkml before sending this.

Other than that, looks good.

Lukas
>  scripts/checkpatch.pl | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index d6a4d25b0972..0003fd9de62c 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -6604,6 +6604,13 @@ sub process {
>                         }
>                 }
>
> +# Check for strcpy/strlcpy uses
> +               if (defined($stat) &&
> +                   $stat =~ /^\+(?:.*?)\b(str[l]?cpy)\s*\(/) {
> +                       WARN("PREFER_STRSCPY",
> +                            "Prefer strscpy() over $1()\n" . "$here\n$stat\n");
> +               }
> +
>  # Check for memcpy(foo, bar, ETH_ALEN) that could be ether_addr_copy(foo, bar)
>  #              if ($perl_version_ok &&
>  #                  defined $stat &&
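Review bot: the test `$stat =~ /^\+(?:.*?)\b(str[l]?cpy)\s*\(/` is anchored at the start of `$stat` and `.` does not cross newlines, so if `$stat` holds a statement that continues over several lines, a strcpy()/strlcpy() call on any line after the first is never reported. Adding the `/m` modifier would let `^\+` match each added line. The pattern can also be tightened: `(?:.*?)` needs no group and `[l]?` is simply `l?`. The single message "Prefer strscpy() over $1()" covers both functions; it could mention that strcpy() has no size argument, so the conversion needs a destination size to be supplied rather than a rename.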
> --
> 2.27.0
>

