[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d17bd7f8-a70e-dac3-be69-3cf10c2f19e4@gmail.com>
Date: Sun, 4 Sep 2022 11:21:10 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Kees Cook <keescook@...omium.org>,
Guenter Roeck <linux@...ck-us.net>
Cc: Wolfram Sang <wsa+renesas@...g-engineering.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jonathan Corbet <corbet@....net>,
Len Baker <len.baker@....com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Andy Shevchenko <andriy.shevchenko@...el.com>,
Francis Laniel <laniel_francis@...vacyrequired.com>,
Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] string: Introduce strtomem() and strtomem_pad()
On 9/3/22 05:49, Kees Cook wrote:
> +/**
> + * strncpy - Copy a string to memory with non-guaranteed NUL padding
> + *
> + * @p: pointer to destination of copy
> + * @q: pointer to NUL-terminated source string to copy
> + * @size: bytes to write at @p
> + *
> + * If strlen(@q) >= @size, the copy of @q will stop after @size bytes,
> + * and @p will NOT be NUL-terminated
> + *
> + * If strlen(@q) < @size, following the copy of @q, trailing NUL bytes
> + * will be written to @p until @size total bytes have been written.
> + *
> + * Do not use this function. While FORTIFY_SOURCE tries to avoid
> + * over-reads of @q, it cannot defend against writing unterminated
> + * results to @p. Using strncpy() remains ambiguous and fragile.
> + * Instead, please choose an alternative, so that the expectation
> + * of @p's contents is unambiguous:
> + *
> + * +--------------------+-----------------+------------+
> + * | @p needs to be: | padded to @size | not padded |
> + * +====================+=================+============+
> + * | NUL-terminated | strscpy_pad() | strscpy() |
> + * +--------------------+-----------------+------------+
> + * | not NUL-terminated | strtomem_pad() | strtomem() |
> + * +--------------------+-----------------+------------+
> + *
> + * Note strscpy*()'s differing return values for detecting truncation,
> + * and strtomem*()'s expectation that the destination is marked with
> + * __nonstring when it is a character array.
> + *
> + */
Hi,
I don't see the strncpy description above rendered in htmldocs output.
Instead, I got:
```
char * strncpy(char *dest, const char *src, size_t count)ΒΆ
Copy a length-limited, C-string
Parameters
char *dest
Where to copy the string to
const char *src
Where to copy the string from
size_t count
The maximum number of bytes to copy
Description
The result is not NUL-terminated if the source exceeds count bytes.
In the case where the length of src is less than that of count, the remainder of dest will be padded with NUL.
```
Thanks.
--
An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists