| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHp75VeEA0=KFsfdjCnBm-b9+F+NnFWJ38nkh+qtb85XdXVWog@mail.gmail.com>
Date: Sun, 18 Jul 2021 22:42:42 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Len Baker <len.baker@....com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Phil Reid <preid@...ctromag.com.au>,
dri-devel <dri-devel@...ts.freedesktop.org>,
"open list:FRAMEBUFFER LAYER" <linux-fbdev@...r.kernel.org>,
linux-staging@...ts.linux.dev,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] staging/fbtft: Remove all strcpy() uses
On Sun, Jul 18, 2021 at 4:43 PM Len Baker <len.baker@....com> wrote:
>
> strcpy() performs no bounds checking on the destination buffer. This
> could result in linear overflows beyond the end of the buffer, leading
> to all kinds of misbehaviors. The safe replacement is strscpy() but in
> this case it is simpler to add NULL to the first position since we want
> to empty the string.
> This is a previous step in the path to remove the strcpy() function.
Any document behind this (something to read on the site(s) more or
less affiliated with what is going to happen in the kernel) to read
background?
...
> case -1:
> i++;
> /* make debug message */
> - strcpy(msg, "");
> + msg[0] = 0;
Strictly speaking it should be '\0'.
> j = i + 1;
> while (par->init_sequence[j] >= 0) {
> sprintf(str, "0x%02X ", par->init_sequence[j]);
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists