| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19f84dd5-e769-aca9-a8ea-89008bfd9226@intel.com> Date: Tue, 10 Oct 2023 14:21:34 -0700 From: Jesse Brandeburg <jesse.brandeburg@...el.com> To: Justin Stitt <justinstitt@...gle.com>, Tony Nguyen <anthony.l.nguyen@...el.com>, "David S. Miller" <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> CC: <intel-wired-lan@...ts.osuosl.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH] i40e: use scnprintf over strncpy+strncat On 10/10/2023 1:53 PM, Justin Stitt wrote: > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Moreover, `strncat` shouldn't really be used either as per > fortify-string.h: > * Do not use this function. While FORTIFY_SOURCE tries to avoid > * read and write overflows, this is only possible when the sizes > * of @p and @q are known to the compiler. Prefer building the > * string with formatting, via scnprintf() or similar. > > Instead, use `scnprintf` with "%s%s" format string. This code is now > more readable and robust. Please see my comments on the igbvf patch.
Powered by blists - more mailing lists