lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 25 Jul 2019 17:51:22 -0500 (CDT)
From:   Julia Lawall <julia.lawall@...6.fr>
To:     Joe Perches <joe@...ches.com>
cc:     David Laight <David.Laight@...LAB.COM>,
        cocci <cocci@...teme.lip6.fr>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [Fwd: [PATCH 1/2] string: Add stracpy and stracpy_pad
 mechanisms]

> > > Perhaps this "x =" should also include += and +
> > > and the various other operators that are possible
> > > or does SmPL grammar already do that?

This is now done.  It seems to have had no impact.

> Anywhere the return value of strlcpy is used, not just as
> an assignment, is an instance that should not be changed.

Mostly what is changed for strlcpy is the case where there is a ; after
the call, so that is not going to match an if test, etc.  It also doesn't
match the right side of an assignment.  The only case of an assignment
that is matched is when the variable is not used afterwards.

The rule now properly checks that the third argument is the size of the
first argument.  This made a small reduction in the number of results.

julia
View attachment "stracpy.cocci" of type "text/plain" (635 bytes)

View attachment "stracpy.out" of type "text/plain" (96580 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ