Date:   Sun, 07 Feb 2021 07:25:29 -0800
From:   Joe Perches <joe@...ches.com>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Phillip Potter <phil@...lpotter.co.uk>
Cc:     alexander.sverdlin@...ia.com, andrew@...n.ch, davem@...emloft.net,
        chris.packham@...iedtelesis.co.nz, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: octeon: convert all uses of strlcpy to strscpy
 in ethernet-mdio.c

On Sun, 2021-02-07 at 15:55 +0100, Greg KH wrote:
> On Sun, Feb 07, 2021 at 02:48:04PM +0000, Phillip Potter wrote:
> > Convert three calls to strlcpy inside the cvm_oct_get_drvinfo function
> > to strscpy calls. Fixes a style warning.
> 
> Is it really safe to do this type of conversion here?

Yes.  No locks are taken by either strlcpy or strscpy, and the conversion
is only done where the return value is unused.

strscpy is:

lib/string.c: * Preferred to strlcpy() since the API doesn't require reading memory
lib/string.c- * from the src string beyond the specified "count" bytes, and since
lib/string.c: * the return value is easier to error-check than strlcpy()'s.
lib/string.c- * In addition, the implementation is robust to the string changing out
lib/string.c: * from underneath it, unlike the current strlcpy() implementation.

> If so, you need
> to provide evidence of it in the changelog, otherwise we could just do a
> search/replace across the whole kernel and be done with it :)

Yes please.

There's a cocci script for that in commit 75b1a8f9d62e
("ALSA: Convert strlcpy to strscpy when return value is unused")
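
The return-value condition discussed in this thread, as an added example that is not part of the original message or of the kernel source: `model_strlcpy`, `model_strscpy` and `same_result` are hypothetical userspace stand-ins written to mirror the documented semantics, and the sample string is constructed. Both calls leave the same bytes in the destination; only the return value differs, which is why the conversion is mechanical only where that value is unused.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model of strlcpy() semantics: always measures all of src. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t ret = strlen(src);          /* reads src up to its NUL, even past size */
    if (size) {
        size_t len = ret >= size ? size - 1 : ret;
        memcpy(dst, src, len);
        dst[len] = '\0';
    }
    return ret;                        /* length of src, not bytes copied */
}

/* Userspace model of strscpy() semantics: never reads src beyond count bytes. */
static ssize_t model_strscpy(char *dst, const char *src, size_t count)
{
    size_t i;
    if (count == 0)
        return -E2BIG;
    for (i = 0; i < count; i++) {
        dst[i] = src[i];
        if (src[i] == '\0')
            return (ssize_t)i;         /* characters copied, excluding NUL */
    }
    dst[count - 1] = '\0';             /* truncated: still NUL-terminated */
    return -E2BIG;
}

/* Returns 1 when both calls leave identical bytes in an 8-byte buffer. */
static int same_result(const char *src)
{
    char a[8], b[8];
    model_strlcpy(a, src, sizeof(a));
    model_strscpy(b, src, sizeof(b));
    return strcmp(a, b) == 0;
}

int main(void)
{
    char buf[8];
    const char *name = "octeon-ethernet";   /* constructed sample, 15 chars */
    printf("strlcpy -> %zu, strscpy -> %zd, same buffer: %d\n",
           model_strlcpy(buf, name, sizeof(buf)),
           model_strscpy(buf, name, sizeof(buf)), same_result(name));
    return 0;
}
```

A caller that used the strlcpy-style return as a length or offset would receive a negative error code after conversion, so those call sites need individual review.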

