lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20190805072645.32691-1-hslester96@gmail.com>
Date:   Mon,  5 Aug 2019 15:26:45 +0800
From:   Chuhong Yuan <hslester96@...il.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     Jonathan Corbet <corbet@....net>,
        Andy Whitcroft <apw@...onical.com>,
        Joe Perches <joe@...ches.com>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, Chuhong Yuan <hslester96@...il.com>
Subject: [PATCH v2] Documentation/checkpatch: Prefer str_has_prefix over strncmp

Add "strncmp() on string prefix" to
Documentation/process/deprecated.rst since using strncmp()
to check whether a string starts with a prefix is error-prone.
The safe replacement is str_has_prefix().

Also add check to the newly introduced deprecated_string_apis
in checkpatch.pl.

This patch depends on patch:
"Documentation/checkpatch: Prefer stracpy/strscpy over
strcpy/strlcpy/strncpy."

Signed-off-by: Chuhong Yuan <hslester96@...il.com>
---
Changes in v2:
  - Use "strncmp() on string prefix" instead of
    "strncmp()" to make it more precise.
  - Remove "c:func" and use "strncmp" directly
    in description.

 Documentation/process/deprecated.rst | 8 ++++++++
 scripts/checkpatch.pl                | 1 +
 2 files changed, 9 insertions(+)

diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
index 56280e108d5a..96fa32aba189 100644
--- a/Documentation/process/deprecated.rst
+++ b/Documentation/process/deprecated.rst
@@ -109,6 +109,14 @@ the given limit of bytes to copy. This is inefficient and can lead to
 linear read overflows if a source string is not NUL-terminated. The
 safe replacement is stracpy() or strscpy().
 
+strncmp() on string prefix
+--------------------------
+strncmp() is often used to test if a string starts with a prefix by
+strncmp(str, prefix, length of prefix). This is error-prone because length
+of prefix can have counting error if using a constant length, or use
+sizeof(prefix) without - 1. Also, if the prefix is a pointer, sizeof(prefix)
+leads to a wrong size. The safe replacement is str_has_prefix().
+
 Variable Length Arrays (VLAs)
 -----------------------------
 Using stack VLAs produces much worse machine code than statically
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 0ae9ae01d855..38e82d2ac286 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -609,6 +609,7 @@ our %deprecated_string_apis = (
 	"strcpy"		=> "stracpy or strscpy",
 	"strlcpy"		=> "stracpy or strscpy",
 	"strncpy"		=> "stracpy or strscpy - for non-NUL-terminated uses, strncpy dest should be __nonstring",
+	"strncmp"		=> "str_has_prefix",
 );
 
 #Create a search pattern for all these strings apis to speed up a loop below
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ