Date: Thu, 9 May 2019 10:56:03 +0800
From: Wenlin Kang <wenlin.kang@...driver.com>
To: Daniel Thompson <daniel.thompson@...aro.org>
CC: <jason.wessel@...driver.com>, <prarit@...hat.com>, <kgdb-bugreport@...ts.sourceforge.net>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kdb: Fix bound check compiler warning

On 5/8/19 4:16 PM, Daniel Thompson wrote:
> On Wed, May 08, 2019 at 09:52:39AM +0800, Wenlin Kang wrote:
>> The strncpy() function may leave the destination string buffer
>> unterminated, better use strlcpy() instead.
>>
>> This fixes the following warning with gcc 8.2:
>>
>> kernel/debug/kdb/kdb_io.c: In function 'kdb_getstr':
>> kernel/debug/kdb/kdb_io.c:449:3: warning: 'strncpy' specified bound 256 equals destination size [-Wstringop-truncation]
>> strncpy(kdb_prompt_str, prompt, CMD_BUFLEN);
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Signed-off-by: Wenlin Kang <wenlin.kang@...driver.com>
>> ---
>> kernel/debug/kdb/kdb_io.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
>> index 6a4b414..7fd4513 100644
>> --- a/kernel/debug/kdb/kdb_io.c
>> +++ b/kernel/debug/kdb/kdb_io.c
>> @@ -446,7 +446,7 @@ static char *kdb_read(char *buffer, size_t bufsize)
>> char *kdb_getstr(char *buffer, size_t bufsize, const char *prompt)
>> {
>> if (prompt && kdb_prompt_str != prompt)
>> - strncpy(kdb_prompt_str, prompt, CMD_BUFLEN);
>> + strlcpy(kdb_prompt_str, prompt, CMD_BUFLEN);
> Shouldn't that be strscpy?

Hi Daniel

I thought about strscpy, but I think strlcpy is better, because it only copies the real number of characters if the src string is less than that size.

>
>
> Daniel.
>
>> kdb_printf(kdb_prompt_str);
>> kdb_nextline = 1; /* Prompt and input resets line number */
>> return kdb_read(buffer, bufsize);
>> --
>> 1.9.1
>>

--
Thanks,
Wenlin Kang
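
Review bot: the replacement call strlcpy(kdb_prompt_str, prompt, CMD_BUFLEN) in kdb_getstr() discards its return value, so a prompt of CMD_BUFLEN or more characters is truncated silently. strlcpy() also runs strlen() over the whole of prompt regardless of the bound, whereas strscpy(kdb_prompt_str, prompt, CMD_BUFLEN) reads no further than the bound and returns -E2BIG on truncation, which gives the caller something to check. The commit message says the warning goes away but not whether any caller can pass a prompt that long; one sentence on that would tell readers whether this is a cosmetic change or a behaviour fix.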
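
The three copy behaviours the thread compares, as an added example that is not part of the original message or of the kernel source. demo_strlcpy and demo_strscpy are hypothetical userspace stand-ins written to the semantics of the kernel helpers; BUFLEN and the prompt string are constructed values.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define BUFLEN 8 /* constructed stand-in for CMD_BUFLEN (256 on the page) */

/* strlcpy() semantics: returns strlen(src), so it walks the whole source. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size) {
		size_t n = len >= size ? size - 1 : len;
		memcpy(dst, src, n);
		dst[n] = '\0'; /* always terminated when size > 0 */
	}
	return len; /* caller must compare with size to notice truncation */
}

/* strscpy() semantics: reads at most size bytes, -E2BIG on truncation. */
static ssize_t demo_strscpy(char *dst, const char *src, size_t size)
{
	size_t i;
	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0'; /* always terminated when size > 0 */
	return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* strncpy() with bound == destination size: 1 if dst ended up terminated. */
static int strncpy_terminated(const char *src)
{
	char dst[BUFLEN];
	volatile size_t bound = sizeof(dst); /* volatile: hides the bound from gcc's check */
	strncpy(dst, src, bound); /* writes exactly bound bytes, NUL only if src is shorter */
	return memchr(dst, '\0', sizeof(dst)) != NULL;
}

int main(void)
{
	char dst[BUFLEN];
	const char *prompt = "[0]kdb> more"; /* constructed, 12 characters */
	printf("strncpy terminated: %d\n", strncpy_terminated(prompt));
	printf("strlcpy returned:   %zu\n", demo_strlcpy(dst, prompt, sizeof(dst)));
	printf("strscpy returned:   %zd\n", demo_strscpy(dst, prompt, sizeof(dst)));
	return 0;
}
```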