lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 17 Nov 2009 11:41:05 -0500
From:	Valdis.Kletnieks@...edu
To:	Pádraig Brady <P@...igBrady.com>
Cc:	Roel Kluin <roel.kluin@...il.com>,
	Randy Dunlap <rdunlap@...otime.net>, linux-doc@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	David Wagner <daw@...berkeley.edu>
Subject: Re: [PATCH] Documentation: Fix NUL termination of strncpy

On Tue, 17 Nov 2009 12:25:03 GMT, Pádraig Brady said:

> You need to explicitly NUL terminate strncpy():
> http://www.pixelbeat.org/programming/gcc/string_buffers.html

Umm. Actually, no.  It's *nice* if you explicitly do it.  However, it's
not strictly *required*. Consider this code:

struct a {
	int b, c;
	char d[20];
}

bzero(a,sizeof(a)); /* voila! a->d[19] is now a \0 */

Perfectly valid and we do it all the time. Your referenced web page comments
that using memset() or bzero() is inefficient - I wonder if they actually
*tested* the difference between using one memset() or bzero() on a large
structure compared to lots and lots of explicit initialization statements
(i-cache issues probably most important there). The downside is that there's a
greater chance of some programmer refactoring code and bollixing it up. (The
astute reader will remember a short thread about this not too long ago.. :)

And if you're truly careful and always use the strn- variants of the string
functions, it's actually possible to *not* null-terminate the strings.  But
it results in very brittle code and makes Baby Andrew cry, mostly because when
somebody adds a printf() to debug the brittle code, it suddenly becomes even
more brittle... :) 

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ