lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Aug 2020 09:58:01 -0700 From: Nick Desaulniers <ndesaulniers@...gle.com> To: Joe Perches <joe@...ches.com> Cc: Masahiro Yamada <masahiroy@...nel.org>, clang-built-linux <clang-built-linux@...glegroups.com>, stable <stable@...r.kernel.org>, Andy Lavr <andy.lavr@...il.com>, Arvind Sankar <nivedita@...m.mit.edu>, Rasmus Villemoes <linux@...musvillemoes.dk>, Sami Tolvanen <samitolvanen@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org>, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Alexandru Ardelean <alexandru.ardelean@...log.com>, Yury Norov <yury.norov@...il.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v3] lib/string.c: implement stpcpy On Wed, Aug 26, 2020 at 9:57 AM Joe Perches <joe@...ches.com> wrote: > > On Thu, 2020-08-27 at 01:49 +0900, Masahiro Yamada wrote: > > I do not have time to keep track of the discussion fully, > > but could you give me a little more context why > > the usage of stpcpy() is not recommended ? > > > > The implementation of strcpy() is almost the same. > > It is unclear to me what makes stpcpy() unsafe.. https://lore.kernel.org/lkml/202008150921.B70721A359@keescook/ > > It's the same thing that makes strcpy unsafe: > > Unchecked buffer lengths with no guarantee src is terminated. -- Thanks, ~Nick Desaulniers
Powered by blists - more mailing lists