| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jun 2014 08:45:04 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> Cc: devel@...verdev.osuosl.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-usb@...r.kernel.org, navin patidar <navinp@...c.in>, Valentina Manea <valentina.manea.m@...il.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] staging: usbip: stub_main.c: Cleaning up missing null-terminate after strncpy call On Tue, Jun 10, 2014 at 10:48:35PM +0200, Rickard Strandqvist wrote: > Hi > > True! > Sorry :-( > > But then one would either operate strcpy outright. > > Or use strlcpy then the code would be: > > /* strlcpy() handles not include \0 */ > len = strlcpy(busid, buf + 4, BUSID_SIZE); > > /* busid needs to include \0 termination */ > if (!(len < BUSID_SIZE)) I don't like this condition. Just say (len >= BUSID_SIZE). The comments here are obvious and could be left out. > return -EINVAL; I don't have strong feelings about a cleanup patch. But I think that cppcheck is not being very sofisticated here with the NUL termination warning so we should not go out of our way to try to silence the warning. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists