git.ipfire.org Git - thirdparty/linux.git/commit

author	Kees Cook <kees@kernel.org>
	Mon, 23 Mar 2026 01:27:25 +0000 (01:27 +0000)
committer	Kees Cook <kees@kernel.org>
	Thu, 18 Jun 2026 23:39:31 +0000 (16:39 -0700)
commit	079a028d6327e68cfa5d38b36123637b321c19a7
tree	d6bed2ef9b0f5969d1105f010d8b4a8804a13f61	tree \| snapshot
parent	58c4ce8cd6cd1fbf1bca2e1d1f42f9e2899fa934	commit \| diff

string: Remove strncpy() from the kernel

strncpy() has been a persistent source of bugs due to its ambiguous
intended usage and frequently counter-intuitive semantics: it may not
NUL-terminate the destination, and it unconditionally zero-pads to the
full length, which isn't always needed. All former callers have been
migrated[1] to:

  - strscpy()        for NUL-terminated destinations
  - strscpy_pad()    for NUL-terminated destinations needing zero-padding
  - strtomem_pad()   for non-NUL-terminated fixed-width fields
  - memcpy_and_pad() for bounded copies with explicit padding
  - memcpy()         for known-length copies

Remove the generic implementation, its declaration, the FORTIFY_SOURCE
wrapper, and associated tests.

Link: https://github.com/KSPP/linux/issues/90
Signed-off-by: Kees Cook <kees@kernel.org>

Documentation/process/deprecated.rst		diff \| blob \| blame \| history
drivers/misc/lkdtm/fortify.c		diff \| blob \| blame \| history
include/linux/fortify-string.h		diff \| blob \| blame \| history
include/linux/string.h		diff \| blob \| blame \| history
lib/string.c		diff \| blob \| blame \| history
lib/test_fortify/write_overflow-strncpy-src.c	[deleted file]	blob \| blame \| history
lib/test_fortify/write_overflow-strncpy.c	[deleted file]	blob \| blame \| history
lib/tests/fortify_kunit.c		diff \| blob \| blame \| history