| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1186126375.3677.1.camel@gimli.at.home>
Date: Fri, 03 Aug 2007 09:32:55 +0200
From: Bernd Petrovitsch <bernd@...mix.at>
To: WANG Cong <xiyou.wangcong@...il.com>
Cc: Satyam Sharma <satyam@...radead.org>,
Jan Engelhardt <jengelh@...putergmbh.de>,
Guennadi Liakhovetski <g.liakhovetski@....de>,
linux-kernel@...r.kernel.org
Subject: Re: gcc fixed size char array initialization bug - known?
On Fri, 2007-08-03 at 11:40 +0800, WANG Cong wrote:
> On Fri, Aug 03, 2007 at 08:47:56AM +0530, Satyam Sharma wrote:
[....]
> >While we're talking of null-termination of strings, then I bet you
> >generally want to be using strlcpy(), really. Often strncpy() isn't
> >what you want. Of course, if that buffer isn't a string at all, then
> >you should be using memfoo() functions and not strbar() ones in the
> >first place ...
>
> Afaik, strlcpy() and strlcat() are NOT standard C library functions.
Yes, because they are not old enough as they are results of lessons
learned with strncpy() and strcpy() and other buffer overflows.
> But, I know, they are available in Linux kernel. ;) And yes, they
> are better than strn{cpy,cat}().
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists