lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BL0PR11MB3122A776FB2F62D5044B1D60BDD7A@BL0PR11MB3122.namprd11.prod.outlook.com> Date: Mon, 16 Oct 2023 08:45:38 +0000 From: "Pucha, HimasekharX Reddy" <himasekharx.reddy.pucha@...el.com> To: Justin Stitt <justinstitt@...gle.com>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com>, "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>, "David S. Miller" <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>, "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [Intel-wired-lan] [PATCH v1 net-next 4/7] i40e: use scnprintf over strncpy+strncat > -----Original Message----- > From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of Justin Stitt > Sent: Wednesday, October 11, 2023 3:57 AM > To: Brandeburg, Jesse <jesse.brandeburg@...el.com>; Nguyen, Anthony L <anthony.l.nguyen@...el.com>; David S. Miller <davem@...emloft.net>; Eric Dumazet <edumazet@...gle.com>; Jakub Kicinski <kuba@...nel.org>; Paolo Abeni <pabeni@...hat.com> > Cc: netdev@...r.kernel.org; Justin Stitt <justinstitt@...gle.com>; intel-wired-lan@...ts.osuosl.org; linux-hardening@...r.kernel.org; linux-kernel@...r.kernel.org > Subject: [Intel-wired-lan] [PATCH v1 net-next 4/7] i40e: use scnprintf over strncpy+strncat > > `strncpy` is deprecated for use on NUL-terminated destination strings > [1] and as such we should prefer more robust and less ambiguous string > interfaces. > > Moreover, `strncat` shouldn't really be used either as per > fortify-string.h: > * Do not use this function. While FORTIFY_SOURCE tries to avoid > * read and write overflows, this is only possible when the sizes > * of @p and @q are known to the compiler. Prefer building the > * string with formatting, via scnprintf() or similar. > > Instead, use `scnprintf` with "%s%s" format string. This code is now > more readable and robust. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Justin Stitt <justinstitt@...gle.com> > > --- > Note: build-tested only. > --- > drivers/net/ethernet/intel/i40e/i40e_ddp.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@...el.com> (A Contingent worker at Intel)
Powered by blists - more mailing lists