| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMuHMdUtXQJDBMDBROHa0md5eFvnjtLNNBVvWjLKEPRxFzgg2g@mail.gmail.com>
Date: Wed, 21 Sep 2022 12:16:48 +0200
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: cgel.zte@...il.com
Cc: richard@....at, anton.ivanov@...bridgegreys.com,
johannes@...solutions.net, baihaowen@...zu.com,
linux-um@...ts.infradead.org, linux-kernel@...r.kernel.org,
ye xingchen <ye.xingchen@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: Re: [PATCH linux-next] um: use strscpy() is more robust and safer
Hi Ye,
On Wed, Sep 21, 2022 at 11:45 AM <cgel.zte@...il.com> wrote:
> From: ye xingchen <ye.xingchen@....com.cn>
>
> The implementation of strscpy() is more robust and safer.
>
> That's now the recommended way to copy NUL terminated strings.
>
> Reported-by: Zeal Robot <zealci@....com.cn>
> Signed-off-by: ye xingchen <ye.xingchen@....com.cn>
Thanks for your patch!
> --- a/arch/um/os-Linux/umid.c
> +++ b/arch/um/os-Linux/umid.c
> @@ -262,7 +262,7 @@ static int __init make_umid(void)
> make_uml_dir();
>
> if (*umid == '\0') {
> - strlcpy(tmp, uml_dir, sizeof(tmp));
> + strscpy(tmp, uml_dir, sizeof(tmp));
> strlcat(tmp, "XXXXXX", sizeof(tmp));
Do we need strscat(), too? ;-)
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists