| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20141016141727.4a9e0af30568f6cf0e5bad8e@linux-foundation.org> Date: Thu, 16 Oct 2014 14:17:27 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> Cc: Grant Likely <grant.likely@...aro.org>, Andi Kleen <ak@...ux.intel.com>, Dan Carpenter <dan.carpenter@...cle.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2] lib: string.c: Added a funktion function strzcpy On Thu, 16 Oct 2014 23:09:00 +0200 Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> wrote: > 2014-10-16 0:15 GMT+02:00 Andrew Morton <akpm@...ux-foundation.org>: > > On Sun, 5 Oct 2014 15:06:17 +0200 Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> wrote: > > > >> Added a function strzcpy which works the same as strncpy, > >> but guaranteed to produce the trailing null character. > >> > >> There are many places in the code where strncpy used although it > >> must be zero terminated, and switching to strlcpy is not an option > >> because the string must nonetheless be fyld with zero characters. > > > > As I mentioned last time, I think this patch would be better if it came > > with follow-on patches which convert at least some of those callsites. > > As it stands, this function has no callers and hence it won't get > > tested. Plus those follow-on patches will demonstrate the value of > > this patch and will provide example usages. > > > Hi > > Sure I can do that! I have saved some patches just to be able to use > this new feature. > But should I submit everything as one patch then? > Or is there some kind of dependency thing I can use... [patch 1/N] lib/string.c: add strzcpy() [patch 2/N] foo/bar/zot.c: use strzcpy() [patch 3/N] fooz/barz/zot.c: use strzcpy() ... > I have also e-mailed with Dan about this, he pointed out the same as > some of my tests indicate that strzcpy maybe just should use strncpy > and add a null character instead because strncpy is optimized > depending on the hardware it runs on. > What do you think about that? Sounds like strzcpy() should be used in places where the entire buffer will be copied out to userspace, or in other situations where we want to zero it out for security reasons? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists