| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Jul 2023 14:06:44 -0400
From: Azeem Shaikh <azeemshaikh38@...il.com>
To: David Laight <David.Laight@...lab.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kobject: Replace strlcpy with strscpy
On Mon, Jul 10, 2023 at 9:13 AM David Laight <David.Laight@...lab.com> wrote:
>
> > int len;
> >
> > - len = strlcpy(&env->buf[env->buflen], subsystem, buffer_size);
> > - if (len >= buffer_size) {
> > + len = strscpy(&env->buf[env->buflen], subsystem, buffer_size);
> > + if (len < 0) {
> > pr_warn("init_uevent_argv: buffer size of %d too small, needed %d\n",
> > buffer_size, len);
> > return -ENOMEM;
>
> The size in the error message is now wrong.
Thanks for catching this.
> It has to be said that mostly all the strings that get copied
> in the kernel are '\0' terminated - so maybe it is all moot.
> OTOH printing (at least some of) the string that didn't fit
> is a lot more useful than its length.
How about printing out strlen(subsystem) along with the entire value
of @subsystem? So that the warn reads:
pr_warn("init_uevent_argv: buffer size of %d too small for %s, needed
%d\n", buffer_size, subsystem, strlen(subsystem));
Does that seem better?
Powered by blists - more mailing lists