| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jLPUZaooSD6yH3zJSW1jmA-kCT204X3indf7JRd5mAuyg@mail.gmail.com> Date: Sat, 16 Aug 2014 16:39:46 -0500 From: Kees Cook <keescook@...omium.org> To: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Peng Tao <bergwolf@...il.com>, Masanari Iida <standby24x7@...il.com>, Mike Sampson <mike@...bodata.com>, devel@...verdev.osuosl.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] staging: lustre: lustre: libcfs: workitem.c: Cleaning up missing null-terminate after strncpy call On Sat, Aug 16, 2014 at 4:14 PM, Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> wrote: > 2014-08-12 16:58 GMT+02:00 Kees Cook <keescook@...omium.org>: >> On Sat, Aug 9, 2014 at 4:46 PM, Rickard Strandqvist >> <rickard_strandqvist@...ctrumdigital.se> wrote: >>> Added a guaranteed null-terminate after call to strncpy. >>> >>> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> >>> --- >>> drivers/staging/lustre/lustre/libcfs/workitem.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/drivers/staging/lustre/lustre/libcfs/workitem.c b/drivers/staging/lustre/lustre/libcfs/workitem.c >>> index 0a03bf7..60326f2 100644 >>> --- a/drivers/staging/lustre/lustre/libcfs/workitem.c >>> +++ b/drivers/staging/lustre/lustre/libcfs/workitem.c >>> @@ -365,6 +365,7 @@ cfs_wi_sched_create(char *name, struct cfs_cpt_table *cptab, >>> return -ENOMEM; >>> >>> strncpy(sched->ws_name, name, CFS_WS_NAME_LEN); >>> + sched->ws_name[CFS_WS_NAME_LEN - 1] = '\0'; >>> sched->ws_cptab = cptab; >>> sched->ws_cpt = cpt; >> >> This seems like a place for strlcpy instead? >> >> -Kees >> >> -- >> Kees Cook >> Chrome OS Security > > Hi Kees > > Sure, strlcpy is preferable in many ways if we only can guarantee that > it is safe. > I have seldom received so much criticism when I start switching to > strlcpy, although much of it was justified :) > Even Linus was getting into the debate. See more: > > https://plus.google.com/111049168280159033135/posts/1amLbuhWbh5 > > > I do this only when I'm sure it will not cause any other problems. > But if you or anyone else can guarantee that in this case, so I'd make > a new patch with strlcpy. Ah right, yeah, that limitation is weird. In that case, for your original patch: Reviewed-by: Kees Cook <keescook@...omium.org> -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists