| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Feb 2024 17:02:16 +0200
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Shevchenko <andy@...nel.org>, Richard Weinberger <richard@....at>, linux-um@...ts.infradead.org,
Justin Stitt <justinstitt@...gle.com>, Anton Ivanov <anton.ivanov@...bridgegreys.com>,
Johannes Berg <johannes@...solutions.net>,
Willem de Bruijn <willemdebruijn.kernel@...il.com>, Jason Wang <jasowang@...hat.com>,
kernel test robot <lkp@...el.com>, Nathan Chancellor <nathan@...nel.org>,
Azeem Shaikh <azeemshaikh38@...il.com>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3 4/4] um: Convert strscpy() usage to 2-argument style
On Tue, Feb 6, 2024 at 4:22 PM Kees Cook <keescook@...omium.org> wrote:
>
> The ARCH=um build has its own idea about strscpy()'s definition. Adjust
> the callers to remove the redundant sizeof() arguments ahead of treewide
> changes, since it needs a manual adjustment for the newly named
> sized_strscpy() export.
...
> - strscpy(dir, home, sizeof(dir));
> + strscpy(dir, home);
> uml_dir++;
> }
> strlcat(dir, uml_dir, sizeof(dir));
An (unrelated) side note: are we going to get rid of strlcat() as well
(after strlcpy() is gone)?
...
> if (*umid == '\0') {
> - strscpy(tmp, uml_dir, sizeof(tmp));
> + strscpy(tmp, uml_dir);
> strlcat(tmp, "XXXXXX", sizeof(tmp));
This code is interesting... (Esp. taking into account making a
temporary folder out of this...)
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists