Commit b8f26882 authored Dec 16, 2024 by Kees Cook Committed by Jan Kara Dec 18, 2024

inotify: Use strscpy() for event->name copies

Since we have already allocated "len + 1" space for event->name, make sure
that name->name cannot ever accidentally cause a copy overflow by calling
strscpy() instead of the unbounded strcpy() routine. This assists in
the ongoing efforts to remove the unsafe strcpy() API[1] from the kernel.

Link: https://github.com/KSPP/linux/issues/88

 [1]
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20241216224507.work.859-kees@kernel.org

parent fac04efc

fs/notify/inotify/inotify_fsnotify.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -121,7 +121,7 @@ int inotify_handle_inode_event(struct fsnotify_mark *inode_mark, u32 mask,
		event->sync_cookie = cookie;
		event->name_len = len;
		if (len)
		strcpy(event->name, name->name);
		strscpy(event->name, name->name, event->name_len + 1);

		ret = fsnotify_add_event(group, fsn_event, inotify_merge);
		if (ret) {