lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAFhGd8rjDRTY8JjWx_zt8xBHGcJYzp5VpFf_sN+s-kRcr1JKBw@mail.gmail.com>
Date: Wed, 3 Apr 2024 10:46:50 -0700
From: Justin Stitt <justinstitt@...gle.com>
To: Daniel Thompson <daniel.thompson@...aro.org>
Cc: Jason Wessel <jason.wessel@...driver.com>, Douglas Anderson <dianders@...omium.org>, 
	kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org, 
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH] kdb: replace deprecated strncpy

On Wed, Apr 3, 2024 at 4:23 AM Daniel Thompson
<daniel.thompson@...aro.org> wrote:
> > -                     strncpy(cp, p_tmp+len, len_tmp-len + 1);
> > +                     memcpy(cp, p_tmp+len, len_tmp-len + 1);
>
> Roughly the same question here. The original coded is obviously wrong
> so trusting it did the boundary checks properly seems unwise.
>
> Are you sure it is OK to make this copy with checking against bufend?
>

I am going to revisit this and find a better solution. Thanks Daniel.

>
> Daniel.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ