| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jan 2022 09:49:38 -0800
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Kees Cook <keescook@...omium.org>
Cc: Francis Laniel <laniel_francis@...vacyrequired.com>,
Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
Andy Shevchenko <andy@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Sergey Senozhatsky <senozhatsky@...omium.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
kernel test robot <lkp@...el.com>,
Nathan Chancellor <natechancellor@...il.com>
Subject: Re: [PATCH v3 1/3] string: Make stpcpy() possible to use
On Wed, Jan 26, 2022 at 6:19 AM Andy Shevchenko
<andriy.shevchenko@...ux.intel.com> wrote:
>
> It is a good rule to avoid submitting code without users.
> Currently the stpcpy() is unusable due to missed declaration.
> Any attempts to use it will bring something like:
>
> error: implicit declaration of function ‘stpcpy’ [-Werror=implicit-function-declaration]
>
> Move declaration to the header and guard it as other string functions.
>
> Fixes: 1e1b6d63d634 ("lib/string.c: implement stpcpy")
> Reported-by: kernel test robot <lkp@...el.com>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Cc: Nathan Chancellor <natechancellor@...il.com>
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Recall the discussion from Kees:
https://lore.kernel.org/lkml/CAK7LNAQXo5-5W6hvNMEVPBPf3tRWaf-pQdSR-0OHyi4RCGhjsQ@mail.gmail.com/
and
https://lore.kernel.org/lkml/202008150921.B70721A359@keescook/
I'm guessing that the 0day bot report was on the third patch in this
series, which looks to use stpcpy:
https://lore.kernel.org/lkml/20220126141917.75399-3-andriy.shevchenko@linux.intel.com/
for patch 3, I'd s/"compress"/de-duplicate/ or s/"compress"/merge/.
Kees, I'm curious if we can do something like require the string
length to be known at compile time otherwise BUILD_BUG_ON?
> ---
> v3: new patch to fix reported issue
> include/linux/string.h | 3 +++
> lib/string.c | 3 ++-
> 2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/string.h b/include/linux/string.h
> index b6572aeca2f5..b1aeb3475396 100644
> --- a/include/linux/string.h
> +++ b/include/linux/string.h
> @@ -31,6 +31,9 @@ size_t strlcpy(char *, const char *, size_t);
> #ifndef __HAVE_ARCH_STRSCPY
> ssize_t strscpy(char *, const char *, size_t);
> #endif
> +#ifndef __HAVE_ARCH_STPCPY
> +char *stpcpy(char *__restrict__ dest, const char *__restrict__ src);
> +#endif
>
> /* Wraps calls to strscpy()/memset(), no arch specific code required */
> ssize_t strscpy_pad(char *dest, const char *src, size_t count);
> diff --git a/lib/string.c b/lib/string.c
> index 485777c9da83..4ecb8ec1fdd1 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -233,6 +233,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
> EXPORT_SYMBOL(strscpy);
> #endif
>
> +#ifndef __HAVE_ARCH_STPCPY
> /**
> * stpcpy - copy a string from src to dest returning a pointer to the new end
> * of dest, including src's %NUL-terminator. May overrun dest.
> @@ -248,7 +249,6 @@ EXPORT_SYMBOL(strscpy);
> * not recommended for usage. Instead, its definition is provided in case
> * the compiler lowers other libcalls to stpcpy.
> */
> -char *stpcpy(char *__restrict__ dest, const char *__restrict__ src);
> char *stpcpy(char *__restrict__ dest, const char *__restrict__ src)
> {
> while ((*dest++ = *src++) != '\0')
> @@ -256,6 +256,7 @@ char *stpcpy(char *__restrict__ dest, const char *__restrict__ src)
> return --dest;
> }
> EXPORT_SYMBOL(stpcpy);
> +#endif
>
> #ifndef __HAVE_ARCH_STRCAT
> /**
> --
> 2.34.1
>
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists