| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202309231950.698026E687@keescook> Date: Sat, 23 Sep 2023 19:51:58 -0700 From: Kees Cook <keescook@...omium.org> To: Justin Stitt <justinstitt@...gle.com> Cc: Borislav Petkov <bp@...en8.de>, Tony Luck <tony.luck@...el.com>, James Morse <james.morse@....com>, Mauro Carvalho Chehab <mchehab@...nel.org>, Robert Richter <rric@...nel.org>, linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v4] EDAC/mc_sysfs: refactor deprecated strncpy On Mon, Sep 18, 2023 at 07:47:29AM +0000, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > We've already calculated bounds, possible truncation with '\0' or '\n' > and manually NUL-terminated. The situation is now just a literal byte > copy from one buffer to another, let's treat it as such and use a less > ambiguous interface in memcpy. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Justin Stitt <justinstitt@...gle.com> Yeah, I think this looks good now. If a v5 is needed, a tiny improvement would be to update the Subject: to "...: replace strncpy with memcpy". Reviewed-by: Kees Cook <keescook@...omium.org> -Kees -- Kees Cook
Powered by blists - more mailing lists