lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 May 2015 21:22:06 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Fenghua Yu <fenghua.yu@...el.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Ingo Molnar <mingo@...hat.com>,
	Brian Gerst <brgerst@...il.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Igor Mammedov <imammedo@...hat.com>,
	the arch/x86 maintainers <x86@...nel.org>,
	Prarit Bhargava <prarit@...hat.com>
Subject: Re: [PATCH] x86, cpuinfo x86_model_id whitespace cleanup

On Tue, May 19, 2015 at 11:44:41AM -0700, Andy Lutomirski wrote:
> On May 19, 2015 11:13 AM, "Borislav Petkov" <bp@...en8.de> wrote:
> >
> > On Tue, May 19, 2015 at 01:25:59PM -0400, Brian Gerst wrote:
> > > Using strlcpy in this manner could fail if it does larger than byte
> > > copies and they overlap.
> >
> > Why?
> >
> > AFAICT, strlcpy() calls memcpy() and memcpy should handle overlapping
> > buffers just fine.
> 
> Are you thinking of memmove?

I guess I'm trying to find out why don't we have a BIG FAT WARNING over
memcpy saying not to use it with overlapping buffers and larger than
byte sizes. Or maybe this is something everyone, except me, just knows
and that's a "Doh, Boris, of course!".

Btw, can we still avoid using the temporary buffer and use strncpy()
instead? AFAICT, that does byte copies, from looking at the asm.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ