| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Oct 2020 16:34:12 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: laniel_francis@...vacyrequired.com,
linux-hardening@...r.kernel.org, davem@...emloft.net
Subject: Re: [RFC][PATCH v2 0/3] Fix inefficiences and rename nla_strlcpy
On Mon, 19 Oct 2020 15:58:36 -0700 Kees Cook wrote:
> On Mon, Oct 19, 2020 at 09:45:15AM -0700, Jakub Kicinski wrote:
> > On Mon, 19 Oct 2020 17:23:28 +0200 laniel_francis@...vacyrequired.com
> > wrote:
> > > To sum up, the first patch fixes an inefficiency where some bytes in dst were
> > > written twice, one with 0 the other with src content.
> > > The second one modifies nla_strlcpy to return the same value as strscpy,
> > > i.e. number of bytes written or -E2BIG if src was truncated.
> > > The third rename nla_strlcpy to nla_strcpy.
> > >
> > > Unfortunately, I did not find how to create struct nlattr objects so I tested
> > > my modifications on simple char*.
> > > This is why I tag this patch set as RFC.
> > >
> > > If you see any way to improve the code or have any remark, feel free to comment.
> >
> > You follow semantics of strscpy, yet rename to strcpy. Wouldn't it be
> > more intuitive for developers to rename to nla_strscpy?
>
> It's closer to strscpy_pad() but that seems a long name. What's
> preferred from the NLA perspective?
I think the pad part is pretty much implied in the netlink world.
All this stuff goes to user space, so we can't have uninit memory.
We may get more informed opinions once this hits netdev@.
Powered by blists - more mailing lists