lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <a67a79a6-5397-abc2-f222-bb4cb62ee6e3@virtuozzo.com> Date: Tue, 12 Dec 2017 19:06:12 +0300 From: Andrey Ryabinin <aryabinin@...tuozzo.com> To: David Laight <David.Laight@...LAB.COM>, Kees Cook <keescook@...omium.org>, Dmitry Vyukov <dvyukov@...gle.com> Cc: Eryu Guan <eguan@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Chris Metcalf <cmetcalf@...hip.com>, Alexander Potapenko <glider@...gle.com>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH] lib/string: avoid reading beyond src buffer in strscpy On 12/12/2017 01:19 PM, David Laight wrote: > From: Andrey Ryabinin >> Sent: 11 December 2017 16:44 > ... >> I suppose that depends on which one strscpy() caller you'd want to test. >> Briefly looking at all current users, it doesn't look like they process huge amounts >> of data through strscpy(), thus we shouldn't suffer from a slight >> performance degradation of strscpy(). > > Don't most of the fast string functions use the same kind of > optimisations. > strlen() is very likely to do 64 bit reads and then shifts (etc) > to determine whether any of the bytes are zero. > See for yourself, strscpy() is the only sting function doing this. > David >
Powered by blists - more mailing lists