| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2b728c10-1c76-5e7f-1aa1-c7c1dc4a7125@redhat.com>
Date: Mon, 5 Nov 2018 06:39:56 -0500
From: Prarit Bhargava <prarit@...hat.com>
To: Daniel Thompson <daniel.thompson@...aro.org>,
Jason Wessel <jason.wessel@...driver.com>
Cc: Olof Johansson <olof@...om.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
kgdb-bugreport@...ts.sourceforge.net
Subject: Re: [PATCH] kdb: fix strncpy warning
On 11/03/2018 12:54 PM, Olof Johansson wrote:
> On Sat, Nov 3, 2018 at 8:39 AM Daniel Thompson
> <daniel.thompson@...aro.org> wrote:
>>
>> On Fri, Nov 02, 2018 at 02:24:05PM -0700, Olof Johansson wrote:
>>> kdb does a strncpy(a, b, strlen(b)+1), which makes no sense. Might as
>>> well do a strcpy at this point.
>>>
>>> Fixes this warning:
>>>
>>> In function 'strncpy', inlined from 'kallsyms_symbol_next' at kernel/debug/kdb/kdb_support.c:239:4:
>>> ./include/linux/string.h:253:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
>>
>> I think we already have a pending patch for this:
>> https://lore.kernel.org/patchwork/patch/989013/
>>
>> When we looked into this there actually is an unchecked overflow here so
>> Prarit's fix adds infrastructure to keep track of the remaining length.
>
> I'm not surprised that there are more bugs.
>
> The above patch was posted a month and a half ago though, why is it
> not yet merged? Can we get it in by -rc2, please?
>
>
Jason? ping? Just making sure the above patch is in your queue.
P.
> -Olof
>
Powered by blists - more mailing lists