| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Aug 2021 13:30:43 +0200
From: Len Baker <len.baker@....com>
To: Joe Perches <joe@...ches.com>
Cc: Len Baker <len.baker@....com>, Kees Cook <keescook@...omium.org>,
"Russell King (Oracle)" <linux@...linux.org.uk>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Lee Jones <lee.jones@...aro.org>,
Uwe Kleine-König
<u.kleine-koenig@...gutronix.de>, linux-hardening@...r.kernel.org,
linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/input: Remove all strcpy() uses in favor of
strscpy()
Hi,
On Sat, Aug 07, 2021 at 08:17:39AM -0700, Joe Perches wrote:
> On Sat, 2021-08-07 at 16:02 +0200, Len Baker wrote:
> > On Sun, Aug 01, 2021 at 09:44:33AM -0700, Kees Cook wrote:
> []
> > > One thing is clear: replacing strlcpy() with strscpy() is probably the
> > > easiest and best first step to cleaning up the proliferation of str*()
> > > functions.
> >
> > Thanks for all this info. I will work on it (clean up the proliferation
> > of str*() functions).
>
> btw:
>
> It's not possible to sed as the return value is different,
> but here is a cocci script that converts strlcpy to strscpy
> when the return value is unused.
>
> @@
> expression e1, e2, e3;
> @@
>
> - strlcpy(
> + strscpy(
> e1, e2, e3);
>
> This cocci script was used on sound/ awhile back.
> see commit 75b1a8f9d62e.
Thanks a lot for your help on this. I will take into account all this info.
Regards,
Len
Powered by blists - more mailing lists