Date:   Mon, 8 Nov 2021 14:16:16 +0530
From:   Ajay Garg <>
To:     Andy Shevchenko <>
Cc:     "" <>,
        Kees Cook <>,
        "" <>,
        "" <>,
        Nick Desaulniers <>,
        Linux Kernel Mailing List <>,
        "" <>
Subject: Re: RFC for a new string-copy function, using mixtures of strlcpy and strscpy

On Mon, Nov 8, 2021 at 2:04 PM Andy Shevchenko <andy.shevchenko
> >
> > For example, in file fs/kernfs/dir.c, there are methods like
> > "kernfs_name_locked", "kernfs_path_from_node_locked" which simply
> > consume the return-value without any checks.
> >
> > All the above functions have a simple motive: copy as many bytes as
> > possible in the destination buffer, and then consume/return the number
> > of bytes actually copied (minus the null-terminator byte of course).
> Nope. Read the comment WRT strscpy().

Seems there is a confusion.

I meant the functions "kernfs_name_locked" and others in
fs/kernfs/dir.c, that use strlcpy and then simply consume/propagate
the return-value without any checks.

> > If checks are to be put in-place, it would be too much code/churn,
> > adding if checks all over the place.
> Yep, that's why in some cases where we know that there can't be
> overflow the checks are not present. In some cases it's historically
> like this, in some cases checks might be useful and so on. But no, we
> do not need more chaos in the string functions.

If the client knows that overflow cannot be there, it is better to use
the simple vanilla strcpy.
Using strlcpy means that the client believes there might be a case when
src-buffer might be bigger.

Again, functions like "kernfs_name_locked" and others in
fs/kernfs/dir.c demonstrate that the client cannot be sure whether the
src-buffer is small enough to fit into the dest-buffer.

Thanks and Regards,
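
The return-value contracts this message argues about, as an added example that is not part of the original post and is not kernel code. The `model_*` functions are simplified userland models (assumed names) of strlcpy and strscpy, and the source string is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of strlcpy(): returns strlen(src) even when the copy was truncated. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len >= size ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Model of strscpy(): returns bytes copied, or -E2BIG on truncation. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size == 0)
        return -E2BIG;
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Caller that propagates strlcpy's result as "bytes now in dst", unchecked. */
static size_t unchecked_len_strlcpy(char *dst, size_t size, const char *src)
{
    return model_strlcpy(dst, src, size); /* can be larger than size - 1 */
}

/* Caller that checks for truncation and reports what actually landed in dst. */
static size_t checked_len_strscpy(char *dst, size_t size, const char *src)
{
    long r = model_strscpy(dst, src, size);
    return r < 0 ? strlen(dst) : (size_t)r;
}

int main(void)
{
    char buf[8];
    const char *name = "a_long_kernfs_name"; /* constructed, 18 chars */
    printf("strlcpy: %zu\n", unchecked_len_strlcpy(buf, sizeof buf, name));
    printf("strscpy: %zu\n", checked_len_strscpy(buf, sizeof buf, name));
    return 0;
}
```

With an 8-byte destination the unchecked strlcpy path reports 18 while only 7 bytes were stored, so any later offset or length derived from that value points past the buffer.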
