lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 4 Sep 2022 11:21:10 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Kees Cook <keescook@...omium.org>,
        Guenter Roeck <linux@...ck-us.net>
Cc:     Wolfram Sang <wsa+renesas@...g-engineering.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jonathan Corbet <corbet@....net>,
        Len Baker <len.baker@....com>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Andy Shevchenko <andriy.shevchenko@...el.com>,
        Francis Laniel <laniel_francis@...vacyrequired.com>,
        Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] string: Introduce strtomem() and strtomem_pad()

On 9/3/22 05:49, Kees Cook wrote:
> +/**
> + * strncpy - Copy a string to memory with non-guaranteed NUL padding
> + *
> + * @p: pointer to destination of copy
> + * @q: pointer to NUL-terminated source string to copy
> + * @size: bytes to write at @p
> + *
> + * If strlen(@q) >= @size, the copy of @q will stop after @size bytes,
> + * and @p will NOT be NUL-terminated
> + *
> + * If strlen(@q) < @size, following the copy of @q, trailing NUL bytes
> + * will be written to @p until @size total bytes have been written.
> + *
> + * Do not use this function. While FORTIFY_SOURCE tries to avoid
> + * over-reads of @q, it cannot defend against writing unterminated
> + * results to @p. Using strncpy() remains ambiguous and fragile.
> + * Instead, please choose an alternative, so that the expectation
> + * of @p's contents is unambiguous:
> + *
> + * +--------------------+-----------------+------------+
> + * | @p needs to be:    | padded to @size | not padded |
> + * +====================+=================+============+
> + * |     NUL-terminated | strscpy_pad()   | strscpy()  |
> + * +--------------------+-----------------+------------+
> + * | not NUL-terminated | strtomem_pad()  | strtomem() |
> + * +--------------------+-----------------+------------+
> + *
> + * Note strscpy*()'s differing return values for detecting truncation,
> + * and strtomem*()'s expectation that the destination is marked with
> + * __nonstring when it is a character array.
> + *
> + */

Hi,

I don't see the strncpy description above rendered in htmldocs output.
Instead, I got:

```

char * strncpy(char *dest, const char *src, size_t count)ΒΆ

    Copy a length-limited, C-string

Parameters

char *dest

    Where to copy the string to
const char *src

    Where to copy the string from
size_t count

    The maximum number of bytes to copy

Description

The result is not NUL-terminated if the source exceeds count bytes.

In the case where the length of src is less than that of count, the remainder of dest will be padded with NUL.
```

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

Powered by blists - more mailing lists