| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202404151105.54B9DEABE8@keescook>
Date: Mon, 15 Apr 2024 11:06:58 -0700
From: Kees Cook <keescook@...omium.org>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Joe Perches <joe@...ches.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Andy Whitcroft <apw@...onical.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>,
linux-kernel@...r.kernel.org, Lee Jones <lee@...nel.org>,
linux-hardening@...r.kernel.org, Finn Thain <fthain@...ux-m68k.org>
Subject: Re: [PATCH v4] checkpatch: add check for snprintf to scnprintf
On Thu, Apr 11, 2024 at 03:10:57PM -0700, Justin Stitt wrote:
> On Thu, Apr 11, 2024 at 1:56 PM Joe Perches <joe@...ches.com> wrote:
> > It could.
> >
> > # {v}snprintf uses that should likely be {v}scnprintf
> > if ($line =~ /\b((v?)snprintf)\s*\(/) {
> > WARN("SNPRINTF",
> > "Prefer ${2}scnprintf over $1 - see: https://github.com/KSPP/linux/issues/105\n" . $herecurr);
> > }
> >
> >
> >
> > Though I also think it's better to use lore rather than github
>
> I am fine with making the UX change in v5 regarding using ${2} and $1
> but I wish someone could have said something about the Github links
> earlier, we already have a pattern going with these string api
> changes:
>
> "Prefer strscpy over strcpy - see:
> https://github.com/KSPP/linux/issues/88\n" . $herecurr);
> }
KSPP isn't going anywhere -- we've used these links before and we can
use them here too. I don't see any good reason to duplicate stuff into
lore, etc.
--
Kees Cook
Powered by blists - more mailing lists