lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 15 Mar 2019 07:30:22 +0100
From:   Dominique Martinet <asmadeus@...ewreck.org>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 15/18] blktrace: change strncpy+truncation to strlcpy

Jens, Steven,

Jens Axboe wrote on Thu, Mar 14, 2019:
> On 3/14/19 7:37 PM, Steven Rostedt wrote:
> > I noticed this old patch in my inbox. It looks like a legit cleanup.
> > Want to take it?
> 
> Indeed, I've applied it. Thanks!

Thanks. I am terribly sorry about this patch series to be honest, I did
not prepare it properly and sent too many generic patches at once but
more importantly some were unsafe (strlcpy expects the input string to
be validly formatted, because it basically does strlen() on it to check
how much hasn't been copied for its return value)
I was pointed out strscpy instead as a safer alternative.

In this case `name` comes from bdevname() which is disk_name() in
block/partition-generic.c which is a snprintf, so we are guaranted
null truncation from there and it should be OK, but I wanted to check
and point it out.


Anyway, thanks!
-- 
Dominique

Powered by blists - more mailing lists