lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <d17bd7f8-a70e-dac3-be69-3cf10c2f19e4@gmail.com> Date: Sun, 4 Sep 2022 11:21:10 +0700 From: Bagas Sanjaya <bagasdotme@...il.com> To: Kees Cook <keescook@...omium.org>, Guenter Roeck <linux@...ck-us.net> Cc: Wolfram Sang <wsa+renesas@...g-engineering.com>, Nick Desaulniers <ndesaulniers@...gle.com>, Geert Uytterhoeven <geert@...ux-m68k.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Jonathan Corbet <corbet@....net>, Len Baker <len.baker@....com>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Andy Shevchenko <andriy.shevchenko@...el.com>, Francis Laniel <laniel_francis@...vacyrequired.com>, Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v3] string: Introduce strtomem() and strtomem_pad() On 9/3/22 05:49, Kees Cook wrote: > +/** > + * strncpy - Copy a string to memory with non-guaranteed NUL padding > + * > + * @p: pointer to destination of copy > + * @q: pointer to NUL-terminated source string to copy > + * @size: bytes to write at @p > + * > + * If strlen(@q) >= @size, the copy of @q will stop after @size bytes, > + * and @p will NOT be NUL-terminated > + * > + * If strlen(@q) < @size, following the copy of @q, trailing NUL bytes > + * will be written to @p until @size total bytes have been written. > + * > + * Do not use this function. While FORTIFY_SOURCE tries to avoid > + * over-reads of @q, it cannot defend against writing unterminated > + * results to @p. Using strncpy() remains ambiguous and fragile. > + * Instead, please choose an alternative, so that the expectation > + * of @p's contents is unambiguous: > + * > + * +--------------------+-----------------+------------+ > + * | @p needs to be: | padded to @size | not padded | > + * +====================+=================+============+ > + * | NUL-terminated | strscpy_pad() | strscpy() | > + * +--------------------+-----------------+------------+ > + * | not NUL-terminated | strtomem_pad() | strtomem() | > + * +--------------------+-----------------+------------+ > + * > + * Note strscpy*()'s differing return values for detecting truncation, > + * and strtomem*()'s expectation that the destination is marked with > + * __nonstring when it is a character array. > + * > + */ Hi, I don't see the strncpy description above rendered in htmldocs output. Instead, I got: ``` char * strncpy(char *dest, const char *src, size_t count)ΒΆ Copy a length-limited, C-string Parameters char *dest Where to copy the string to const char *src Where to copy the string from size_t count The maximum number of bytes to copy Description The result is not NUL-terminated if the source exceeds count bytes. In the case where the length of src is less than that of count, the remainder of dest will be padded with NUL. ``` Thanks. -- An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists