lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140918085105.GB16827@mwanda>
Date:	Thu, 18 Sep 2014 11:51:05 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Peng Tao <bergwolf@...il.com>, devel@...verdev.osuosl.org,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] staging: lustre: lustre: libcfs: debug.c: Cleaning up
 unnecessary use of memset in conjunction with strncpy

On Thu, Sep 18, 2014 at 12:12:42AM +0200, Rickard Strandqvist wrote:
> Hi Dan
> 
> Ok, I have made two suggestions for strncpy function that also
> guarantees a terminating null character.
> 1) retunerar number of characters to be copied, it can be good to
> have, but was not really satisfied.

strlcpy() is more popular the strncpy() in the kernel.

No one uses the return value of strncpy() because what is the point?
There are around 15-20 places which use the return value of strlcpy().
Some of the place which use the return value assume that the copy fits.

I think we should return the number of bytes before the NUL or else
count.

> 
> int strncpyz(char *dest, const char *src, size_t count)
> {
>   size_t len=0;
> 
>   if(0 == count)
>     return 0;
> 
>   --count;
>   while(len < count && src[len])
>    *dest++ = src[len++];
> 
>   do {
>     *dest++ = '\0';
>   }
>   while(len < count--);
> 
>   return len;
> }
> 
> 
> 2) The next version is almost the same code as the regular strncpy,
> but with two extra lines.
> 
> char *strncpyz(char *dest, const char *src, size_t count)
> {
>         char *tmp = dest;
> 
>         while (count) {
>                 if ((*tmp = *src) != 0)
>                         src++;
>                 tmp++;
>                 count--;
>         }
> 
>         if(tmp != dest)
>           *--tmp = '\0';
> 
>         return dest;
> }
> 
> 
> Since I did not got any better solution to variant 1, I prefer variant 2.

I also prefer variant 2.

> 
> Then the next question is of course what it should be called  :-)

I think a lot of people call this function strzcpy().

This sort of patch would go through Andrew Morton.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ