| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHp75Veisrih_3Aj1TN=gX=d4+ebKOwnt3eUwATgAr+3x_iywg@mail.gmail.com> Date: Wed, 31 Jan 2024 09:35:18 +0200 From: Andy Shevchenko <andy.shevchenko@...il.com> To: Kees Cook <keescook@...omium.org> Cc: Andy Shevchenko <andy@...nel.org>, Justin Stitt <justinstitt@...gle.com>, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] string: Allow 2-argument strscpy() On Wed, Jan 31, 2024 at 7:53 AM Kees Cook <keescook@...omium.org> wrote: > > Using sizeof(dst) for the "size" argument in strscpy() is the > overwhelmingly common case. Instead of requiring this everywhere, allow a > 2-argument version to be used that will use the sizeof() internally. There > are other functions in the kernel with optional arguments[1], so this > isn't unprecedented, and improves readability. Update and relocate the > kern-doc for strscpy() too. > > This could additionally let us save a few hundred lines of code: > 1177 files changed, 2455 insertions(+), 3026 deletions(-) > with a treewide cleanup using Coccinelle: > > @needless_arg@ > expression DST, SRC; > @@ > > strscpy(DST, SRC > -, sizeof(DST) > ) ... Shouldn't you include, if not yet, args.h to string.h? ... > +/** > + * strscpy - Copy a C-string into a sized buffer > + * @dst: Where to copy the string to > + * @src: Where to copy the string from > + * @...: Size of destination buffer (optional) > + * > + * Copy the source string @src, or as much of it as fits, into the > + * destination @dst buffer. The behavior is undefined if the string > + * buffers overlap. The destination @dst buffer is always NUL terminated, > + * unless it's zero-sized. > + * > + * The size argument @... is only required when @dst is not an array, or > + * when the copy needs to be smaller than sizeof(@dst). > + * > + * Preferred to strncpy() since it always returns a valid string, and > + * doesn't unnecessarily force the tail of the destination buffer to be > + * zero padded. If padding is desired please use strscpy_pad(). For the sake of consistency shouldn't that be updated the same way? > + * Returns the number of characters copied in @dst (not including the > + * trailing %NUL) or -E2BIG if @size is 0 or the copy from @src was > + * truncated. > + */ -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists