lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 Jan 2018 19:14:36 +0800
From:   Xiongfeng Wang <wangxiongfeng2@...wei.com>
To:     Jan Kara <jack@...e.cz>
CC:     <adilger.kernel@...ger.ca>, <linux-ext4@...r.kernel.org>,
        <arnd@...db.de>
Subject: Re: [PATCH] ext4: use strlcpy() instead of strncpy()



On 2018/1/9 18:06, Jan Kara wrote:
> On Tue 09-01-18 16:58:39, Xiongfeng Wang wrote:
>> From: Xiongfeng Wang <xiongfeng.wang@...aro.org>
>>
>> gcc-8 reports
>>
>> fs/ext4/super.c: In function '__save_error_info.isra.6':
>> ./include/linux/string.h:245:9: warning: '__builtin_strncpy' specified
>> bound 32 equals destination size [-Wstringop-truncation]
>>
>> We need to use strlcpy() to make sure the dest string is nul-terminated.
>>
>> Signed-off-by: Xiongfeng Wang <xiongfeng.wang@...aro.org>
> 
> Please have a look how s_last_error_func is used. If you do that, you'll
> notice that we do take care to print only sizeof(s_last_error_func)
> characters from the string or NUL-terminate it (in e2fsprogs). So your
> patch just wastes one character for useless NUL-termination...
> 
> 								Honza

Sorry, I didn't notice how s_last_error_func is used before.
We do waste one character if we use strlcpy() instead of strncpy().
We can't use memcpy() either. But I can't  figure out a better way to avoid
this warning.

Thanks,
Xiongfeng
> 
>> ---
>>  fs/ext4/super.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 7c46693..051b988 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -323,11 +323,11 @@ static void __save_error_info(struct super_block *sb, const char *func,
>>  		return;
>>  	es->s_state |= cpu_to_le16(EXT4_ERROR_FS);
>>  	es->s_last_error_time = cpu_to_le32(get_seconds());
>> -	strncpy(es->s_last_error_func, func, sizeof(es->s_last_error_func));
>> +	strlcpy(es->s_last_error_func, func, sizeof(es->s_last_error_func));
>>  	es->s_last_error_line = cpu_to_le32(line);
>>  	if (!es->s_first_error_time) {
>>  		es->s_first_error_time = es->s_last_error_time;
>> -		strncpy(es->s_first_error_func, func,
>> +		strlcpy(es->s_first_error_func, func,
>>  			sizeof(es->s_first_error_func));
>>  		es->s_first_error_line = cpu_to_le32(line);
>>  		es->s_first_error_ino = es->s_last_error_ino;
>> -- 
>> 1.8.3.1
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ