lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 12 May 2019 10:00:03 +0100
From:   Daniel Thompson <daniel.thompson@...aro.org>
To:     Wenlin Kang <wenlin.kang@...driver.com>
Cc:     jason.wessel@...driver.com, prarit@...hat.com,
        kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kdb: Fix bound check compiler warning

On Thu, May 09, 2019 at 10:56:03AM +0800, Wenlin Kang wrote:
> On 5/8/19 4:16 PM, Daniel Thompson wrote:
> > On Wed, May 08, 2019 at 09:52:39AM +0800, Wenlin Kang wrote:
> > > The strncpy() function may leave the destination string buffer
> > > unterminated, better use strlcpy() instead.
> > > 
> > > This fixes the following warning with gcc 8.2:
> > > 
> > > kernel/debug/kdb/kdb_io.c: In function 'kdb_getstr':
> > > kernel/debug/kdb/kdb_io.c:449:3: warning: 'strncpy' specified bound 256 equals destination size [-Wstringop-truncation]
> > >     strncpy(kdb_prompt_str, prompt, CMD_BUFLEN);
> > >     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > 
> > > Signed-off-by: Wenlin Kang <wenlin.kang@...driver.com>
> > > ---
> > >   kernel/debug/kdb/kdb_io.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
> > > index 6a4b414..7fd4513 100644
> > > --- a/kernel/debug/kdb/kdb_io.c
> > > +++ b/kernel/debug/kdb/kdb_io.c
> > > @@ -446,7 +446,7 @@ static char *kdb_read(char *buffer, size_t bufsize)
> > >   char *kdb_getstr(char *buffer, size_t bufsize, const char *prompt)
> > >   {
> > >   	if (prompt && kdb_prompt_str != prompt)
> > > -		strncpy(kdb_prompt_str, prompt, CMD_BUFLEN);
> > > +		strlcpy(kdb_prompt_str, prompt, CMD_BUFLEN);
> > Shouldn't that be strscpy?
> 
> 
> Hi Daniel
> 
> I thought about strscpy, but I think strlcpy is better, because it only copy
> the real number of characters if src string less than that size.

Sorry, I'm confused by this. What behavior does strscpy() have that you
consider undesirable in this case?


Daniel.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ