| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jun 2018 15:34:43 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Josh Poimboeuf' <jpoimboe@...hat.com>,
Andy Shevchenko <andy.shevchenko@...il.com>
CC: kbuild test robot <lkp@...el.com>,
Michal Januszewski <spock@...too.org>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
"kbuild-all@...org" <kbuild-all@...org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Arnaldo Carvalho de Melo <acme@...hat.com>
Subject: RE: include/linux/string.h:246:9: warning: '__builtin_strncpy' output
truncated before terminating nul copying 4 bytes from a string of the same
length
From: Josh Poimboeuf
> Sent: 05 June 2018 16:30
...
> What about just changing it to a memcpy? Seems like that would be
> cleaner anyway, since the whole point of strncpy is to add the
> terminating NULL, which isn't need here.
Not really, the point of strncpy is to copy strings that might
not be '\0' terminated and to zero fill the target buffer.
Unfortunately strncpy() has often been used with the assumption
that it always terminates the target string - which isn't true.
Unfortunately you can't always replace strncpy with strlcpy or
snprintf because both those require the source string be '\0'
terminated - which isn't a requirement for strncpy.
This warning on __builtin_strncpy() seems ott to me.
The only fix is to audit the code and replace at least some of
the strncpy() with really_strncpy().
David
Powered by blists - more mailing lists