lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Jun 2018 19:22:20 -0700 From: Max Filippov <jcmvbkbc@...il.com> To: Stafford Horne <shorne@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, Greg KH <gregkh@...uxfoundation.org>, Arnd Bergmann <arnd@...db.de>, linux-crypto@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> Subject: Re: [RFC PATCH 1/2] crypto: Fix -Wstringop-truncation warnings On Fri, Jun 22, 2018 at 7:07 PM, Stafford Horne <shorne@...il.com> wrote: > As of GCC 9.0.0 the build is reporting warnings like: > > crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: > crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] > strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > sizeof(rblkcipher.geniv)); > ~~~~~~~~~~~~~~~~~~~~~~~~~ > > This means the strnycpy might create a non null terminated string. Fix this by > limiting the size of the string copy to include the null terminator. That could work if the destination buffer was zero-initialized, but it's allocated on stack and is not initialized. Replacing strncpy with strlcpy without changing its arguments should do the right thing. -- Thanks. -- Max
Powered by blists - more mailing lists