lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <202011171402.0B95045@keescook> Date: Tue, 17 Nov 2020 14:02:58 -0800 From: Kees Cook <keescook@...omium.org> To: laniel_francis@...vacyrequired.com Cc: linux-hardening@...r.kernel.org, dja@...ens.net Subject: Re: [RFC PATCH v4 3/5] string.h: Add FORTIFY coverage for strscpy() On Mon, Nov 16, 2020 at 03:50:10PM +0100, laniel_francis@...vacyrequired.com wrote: > From: Francis Laniel <laniel_francis@...vacyrequired.com> > > The fortified version of strscpy ensures the following before vanilla strscpy > is called: > 1. There is no read overflow because we either size is smaller than src length > or we shrink size to src length by calling fortified strnlen. > 2. There is no write overflow because we either failed during compilation or at > runtime by checking that size is smaller than dest size. > > Signed-off-by: Francis Laniel <laniel_francis@...vacyrequired.com> Acked-by: Kees Cook <keescook@...omium.org> -- Kees Cook
Powered by blists - more mailing lists