| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Jul 2022 15:22:18 +0100
From: Aaron Tomlin <atomlin@...hat.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: "mcgrof@...nel.org" <mcgrof@...nel.org>,
"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] module: Show the last unloaded module's taint flag(s)
On Tue 2022-06-28 08:47 +0100, Aaron Tomlin wrote:
> On Tue 2022-06-28 05:54 +0000, Christophe Leroy wrote:
> > > - /* Store the name of the last unloaded module for diagnostic purposes */
> > > strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module));
> > > + strcat(last_unloaded_module, module_flags(mod, buf, false));
> >
> > You replace a bounded string copy by an unbounded strict contat.
> >
> > Should you use strlcat() instead ?
>
> Hi Christophe,
>
> Why? If I understand correctly, both the destination and source string are
> NULL-terminated (see module_flags()). So, strcat() should be sufficient.
Hi Luis,
Any thoughts on this? As far as I can tell, the destination string cannot
be overwritten; albeit, I can use the safer option if you prefer.
Kind regards,
--
Aaron Tomlin
Powered by blists - more mailing lists