Message-ID: <20210723152559.GC2612@titan>
Date:   Fri, 23 Jul 2021 18:30:40 +0200
From:   Len Baker <len.baker@....com>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     Len Baker <len.baker@....com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Nikolay Kyx <knv418@...il.com>,
        Aditya Srivastava <yashsri421@...il.com>,
        Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>,
        William Durand <will+git@...d.me>,
        Romain Perier <romain.perier@...il.com>,
        Allen Pais <apais@...ux.microsoft.com>,
        Phillip Potter <phil@...lpotter.co.uk>,
        zhaoxiao <zhaoxiao@...ontech.com>, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging/rtl8192e: Remove all strcpy() uses in favor of
 strscpy()

Hi,

On Mon, Jul 19, 2021 at 08:43:45AM +0300, Dan Carpenter wrote:
> On Sun, Jul 18, 2021 at 11:06:36AM +0200, Len Baker wrote:
> > diff --git a/drivers/staging/rtl8192e/rtllib_softmac_wx.c b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
> > index f89799d43b1b..5968407c646d 100644
> > --- a/drivers/staging/rtl8192e/rtllib_softmac_wx.c
> > +++ b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
> > @@ -543,7 +543,7 @@ int rtllib_wx_get_name(struct rtllib_device *ieee,
> >  			     struct iw_request_info *info,
> >  			     union iwreq_data *wrqu, char *extra)
> >  {
> > -	strcpy(wrqu->name, "802.11");
> > +	strscpy(wrqu->name, "802.11", sizeof(wrqu->name));
> >
> >  	if (ieee->modulation & RTLLIB_CCK_MODULATION)
> >  		strcat(wrqu->name, "b");
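
Review bot: the strcat(wrqu->name, "b") left in the trailing context still appends with no bound, so bounding only the first copy with strscpy(wrqu->name, "802.11", sizeof(wrqu->name)) leaves rtllib_wx_get_name() half converted. Convert the appends in this same patch, for example strlcat(wrqu->name, "b", sizeof(wrqu->name)), or build the whole name with one bounded format call, so that every write to wrqu->name is checked against sizeof(wrqu->name).
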
>
> This patch is just about silencing inferior static analysis tools,
> right?  Most checkers can figure out the size of the array and verify
> that it has space for "802.11".  Probably it's only raw grep which
> can't.
>
> It doesn't make sense to me that we have strscpy() followed by strcat.
> So let's fix both.

Ok, I will send a v2 for review. Thanks for the feedback.

>
> regards,
> dan carpenter

Regards,
Len
