| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Jul 2021 16:53:59 +0200
From: Len Baker <len.baker@....com>
To: Robin Murphy <robin.murphy@....com>,
David Laight <David.Laight@...LAB.COM>,
'Geert Uytterhoeven' <geert@...ux-m68k.org>
Cc: Len Baker <len.baker@....com>, Kees Cook <keescook@...omium.org>,
Andy Gross <agross@...nel.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Magnus Damm <magnus.damm@...il.com>,
Santosh Shilimkar <ssantosh@...nel.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
linux-arm-msm <linux-arm-msm@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] drivers/soc: Remove all strcpy() uses in favor of
strscpy()
Hi,
On Wed, Jul 28, 2021 at 10:36:09AM +0100, Robin Murphy wrote:
> On 2021-07-28 09:36, David Laight wrote:
> > > > - strcpy(pd->name, area->name);
> > > > + strscpy(pd->name, area->name, area_name_size);
> >
> > You can just use memcpy().
>
> Indeed. In fact I'd go as far as saying that it might be worth teaching
> static checkers to recognise patterns that boil down to strscpy(dst, src,
> strlen(src) + 1) and flag them as suspect, because AFAICS that would always
> represent either an unnecessarily elaborate memcpy(), or far worse just an
> obfuscated strcpy().
Ok, I will use the memcpy function instead of strscpy. Thanks for the
feedback.
>
> Robin.
Regards,
Len
Powered by blists - more mailing lists