types.h: add an implementation for strscpy() and strscat()

Do our own implementation for such routines, as the Kernel
implementation is a lot more complex than what it would be needed
here.

With that, change checkpatch.pl to request usage of such functions
instead of unsafe strcpy()/strcat().

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 7ed2ec629edcb1e9cd8284ff14ee9734a49a8981..8a03a43ced15e77ce4e6764957823957e3acb7cb 100755 (executable)
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -6676,9 +6676,16 @@ sub process {
 #              }
 
 # strcpy and strcat should be avoided
+               my %strcpy_variant = (
+                   "strcpy" => "strscpy",
+                   "strncpy" => "strscpy",
+                   "strcat" => "strscat",
+                   "strncat" => "strscat",
+                   "sprintf" => "snprint",
+               );
                if ($line =~ /\b(strcpy|strcat|sprintf)\s*\(/) {
-                       WARN("STRCPY",
-                            "Please avoid $1 as it doesn't check buffer size\n" . $herecurr);
+                       WARN("STRING_COPY",
+                            "Please use " . $strcpy_variant{$1} . " instead $1\n" . $herecurr);
                }
 
 # ethtool_sprintf uses that should likely be ethtool_puts

diff --git a/types.h b/types.h
index 1cf7556a90f5705d595cec50400b21fde87f95c4..5e77967acc9d351bfe726963d9c2e37610ca8990 100644 (file)
--- a/types.h
+++ b/types.h
@@ -23,7 +23,9 @@
 
 #include <asm/bitsperlong.h>
 #include <assert.h>
+#include <errno.h>
 #include <linux/bits.h>
+#include <stddef.h>
 #include <stdint.h>
 
 #define STR(x) #x
@@ -121,6 +123,65 @@
 #define MAX_PATH                       1024
 #define SZ_512                         0x200
 
+/* String copy */
+
+/**
+ * strscpy - safe implementation of strcpy, with a buffer size
+ * @dst:       destination buffer
+ * @src:       source buffer
+ * @dsize:     size of the destination buffer
+ *
+ * Copy string up to @dsize-1 characters. String will end with a '\0'
+ * character at the end.
+ *
+ * Returns: number of characters at the destination buffer or -E2BIG if
+ * the string was too big to fit.
+ */
+static inline size_t strscpy(char *dst, const char *src, size_t dsize)
+{
+       size_t i = 0;
+
+       for (; i < dsize; i++, dst++, src++) {
+               *dst = *src;
+               if (!*dst)
+                       return i;
+       }
+
+       if (i)
+               dst--;
+
+       *dst = '\0';
+
+       return -E2BIG;
+}
+
+/**
+ * strscat - safe implementation of strcat, with a buffer size
+ * @dst:       destination buffer
+ * @src:       source buffer
+ * @dsize:     size of the destination buffer
+ *
+ * Append string until @dst is up to @dsize-1 characters. String will end
+ * with a '\0' character at the end.
+ *
+ * Returns: number of characters at the destination buffer or -E2BIG if
+ * the string was too big to fit.
+ */
+static inline size_t strscat(char *dst, const char *src, size_t dsize)
+{
+       int i, rc;
+
+       for (i = 0; dsize > 0; dsize--, dst++, i++)
+               if (!*dst)
+                       break;
+
+       rc = strscpy(dst, src, dsize);
+       if (rc < 0)
+               return rc;
+
+       return rc + i;
+}
+
 /**
  * container_of - cast a member of a structure out to the containing structure
  * @ptr:       the pointer to the member.