Date:   Wed, 26 Jul 2017 14:05:55 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Dave Jones <davej@...emonkey.org.uk>,
        Chris Metcalf <cmetcalf@...lanox.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Chris Metcalf <cmetcalf@...hip.com>
Subject: Re: [PATCH] lib/strscpy: avoid KASAN false positive

On Wed, Jul 19, 2017 at 6:05 PM, Dave Jones <davej@...emonkey.org.uk> wrote:
> On Wed, Jul 19, 2017 at 11:39:32AM -0400, Chris Metcalf wrote:
>
>  > > We could just remove all that word-at-a-time logic.  Do we have any
>  > > evidence that this would harm anything?
>  >
>  > The word-at-a-time logic was part of the initial commit since I wanted
>  > to ensure that strscpy could be used to replace strlcpy or strncpy without
>  > serious concerns about performance.
>
> I'm curious what the typical length of the strings we're concerned about
> in this case is if this makes a difference.


My vote is for proceeding with Andrey's original patch. It's not
perfect, but it's simple, short, minimally intrusive and fixes the
problem at hand. We can do something more fundamental when/if we have
more such cases.
