| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 15:08:57 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Hans de Goede <hdegoede@...hat.com>
Cc: Divya Bharathi <divya27392@...il.com>,
Darren Hart <dvhart@...radead.org>,
LKML <linux-kernel@...r.kernel.org>,
Platform Driver <platform-driver-x86@...r.kernel.org>,
Divya Bharathi <divya_bharathi@...l.com>,
mark gross <mgross@...ux.intel.com>,
Mario Limonciello <mario.limonciello@...l.com>,
Prasanth KSR <prasanth.ksr@...l.com>
Subject: Re: [PATCH v3] Introduce support for Systems Management Driver over
WMI for Dell Systems
On Mon, Sep 21, 2020 at 3:08 PM Andy Shevchenko
<andy.shevchenko@...il.com> wrote:
> On Mon, Sep 21, 2020 at 2:38 PM Hans de Goede <hdegoede@...hat.com> wrote:
> > On 9/17/20 8:55 AM, Divya Bharathi wrote:
>
> ...
>
> > Now I see that you try to correctly deal with strncpy-s nastiness
> > everywhere, but please just don't use it all.
> > Not using strncpy at all is much better.
> >
> > A lot of the strncpy usage is hidden in:
> >
> > strncpy_attr(char *dest, char *src)
> > {
> > size_t len = strlen(src) + 1;
> >
> > if (len > 1 && len < MAX_BUFF)
> > strncpy(dest, src, len);
> > }
> >
> > Why is there no warning printed when the source string
> > is too long ? Now we just quietly throw away the
> > data, which seems undesirable.
> >
> > Also wouldn't truncating the data to fit in MAX_BUFF be better?
> > (honest question, I do not know which option is better)
>
> And don't forget new compiler warning if it can prove that string will
> be NUL-terminated.
can -> can't
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists