lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 15 Nov 2019 09:00:26 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Peng Fan <peng.fan@....com>
Cc:     "sboyd@...nel.org" <sboyd@...nel.org>,
        "linux@...linux.org.uk" <linux@...linux.org.uk>,
        dl-linux-imx <linux-imx@....com>,
        "linux-clk@...r.kernel.org" <linux-clk@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Alice Guo <alice.guo@....com>
Subject: Re: [PATCH] clk: clkdev: Replace strlcpy with strscpy

On Fri, Nov 15, 2019 at 10:17:53AM +0000, Peng Fan wrote:
> From: Peng Fan <peng.fan@....com>
> 
> The implementation of strscpy() is more robust and safer.
> 
> The strscpy was introduced to fix some API problems around strlcpy.
> strscpy is preferred to strlcpy() since the API doesn't require
> reading memory from the src string beyond the specified "count" bytes,
> and since the return value is easier to error-check than strlcpy()'s.
> In addition, the implementation is robust to the string changing out
> from underneath it, unlike the current strlcpy() implementation.
> 
> Cc: Kees Cook <keescook@...omium.org>
> Signed-off-by: Peng Fan <peng.fan@....com>

Reviewed-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>  drivers/clk/clkdev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/clk/clkdev.c b/drivers/clk/clkdev.c
> index 0f2e3fcf0f19..ee56109bc0b4 100644
> --- a/drivers/clk/clkdev.c
> +++ b/drivers/clk/clkdev.c
> @@ -165,7 +165,7 @@ vclkdev_alloc(struct clk_hw *hw, const char *con_id, const char *dev_fmt,
>  
>  	cla->cl.clk_hw = hw;
>  	if (con_id) {
> -		strlcpy(cla->con_id, con_id, sizeof(cla->con_id));
> +		strscpy(cla->con_id, con_id, sizeof(cla->con_id));
>  		cla->cl.con_id = cla->con_id;
>  	}
>  
> -- 
> 2.16.4
> 

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ