Information Security News

Linux strncpy Removal Lands in Kernel 7.2

by ·

Linux strncpy removal in kernel 7.2 replacing the deprecated string copy API with strscpy

The Linux kernel has finally settled an old debt. After years of effort, the Linux strncpy removal is complete in version 7.2. The strncpy API is now gone from the source tree. For decades, the function looked like a safe way to copy a string of fixed length. In practice, however, it kept handing developers bugs, extra CPU work, and nasty surprises around string termination.

Why strncpy Was a Problem

The strncpy() function copies up to a set number of bytes. Yet it does not behave the way many people expect from a string function. The main trouble centers on the NUL byte at the end of a string. In some cases, the function leaves out the terminating NUL. In others, it pads the rest of the buffer with zeros.

For kernel code, that behavior became a convenient trap. A developer might assume a string was properly terminated. Instead, the field could lack a final NUL byte. Meanwhile, the kernel wasted time filling memory that never needed filling.

A Six-Year Cleanup Effort

Kernel developers long called strncpy a steady source of bugs. So removing it was no small task. The work took about six years and roughly 362 commits. During that time, maintainers slowly cleared old strncpy calls from many subsystems. They also swapped the ambiguous function for clearer alternatives. Eventually, no part of the kernel relied on the old interface anymore.

The Final Patch

The final patch merged into the kernel on Friday. Along with the API itself, the last per-architecture strncpy implementations left the source tree. After the merge, Linux 7.2 no longer offers developers an internal strncpy interface.

What Replaces strncpy

Kernel developers now pick a function that fits the exact scenario. Each option states its intent clearly. Here is the new toolkit:

  • strscpy() for ordinary NUL-terminated strings
  • strscpy_pad() for NUL-terminated strings that also need zero-padding
  • strtomem_pad() for fixed-width fields without a string NUL
  • memcpy_and_pad() for bounded copies with explicit padding
  • memcpy() for copying memory of a known length

Why This Change Matters

The strncpy removal is not a flashy, user-facing feature of Linux 7.2. Still, the step matters for the kernel. Developers pulled an old API with murky behavior out of the codebase. Then they replaced it with functions whose purpose is obvious from the name. As a result, the code becomes far easier to review. Better yet, a whole class of bugs slowly leaves the kernel. Those bugs involved truncated strings and broken termination.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Tags:

Leave a Reply