lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6d5c18f41277d4d926dbe411df070393b4418d6f.camel@perches.com>
Date:   Sun, 07 Feb 2021 07:25:29 -0800
From:   Joe Perches <joe@...ches.com>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Phillip Potter <phil@...lpotter.co.uk>
Cc:     alexander.sverdlin@...ia.com, andrew@...n.ch, davem@...emloft.net,
        chris.packham@...iedtelesis.co.nz, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: octeon: convert all uses of strlcpy to strscpy
 in ethernet-mdio.c

On Sun, 2021-02-07 at 15:55 +0100, Greg KH wrote:
> On Sun, Feb 07, 2021 at 02:48:04PM +0000, Phillip Potter wrote:
> > Convert three calls to strlcpy inside the cvm_oct_get_drvinfo function
> > to strscpy calls. Fixes a style warning.
> 
> Is it really safe to do this type of conversion here?

Yes.  No locks are taken by either strlcpy or strscpy, and the conversion
is only done where the return value is unused.

strscpy is:

lib/string.c: * Preferred to strlcpy() since the API doesn't require reading memory
lib/string.c- * from the src string beyond the specified "count" bytes, and since
lib/string.c: * the return value is easier to error-check than strlcpy()'s.
lib/string.c- * In addition, the implementation is robust to the string changing out
lib/string.c: * from underneath it, unlike the current strlcpy() implementation.

> If so, you need
> to provide evidence of it in the changelog, otherwise we could just do a
> search/replace across the whole kernel and be done with it :)

Yes please.

There's a cocci script for that in commit 75b1a8f9d62e
("ALSA: Convert strlcpy to strscpy when return value is unused")


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ