lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Oct 2022 10:08:25 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Rong Tao <rtoax@...mail.com>
Cc:     andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org,
        daniel@...earbox.net, haoluo@...gle.com, john.fastabend@...il.com,
        jolsa@...nel.org, kpsingh@...nel.org, linux-kernel@...r.kernel.org,
        linux-kselftest@...r.kernel.org, martin.lau@...ux.dev,
        mykolal@...com, rongtao@...tc.cn, sdf@...gle.com, shuah@...nel.org,
        song@...nel.org, yhs@...com
Subject: Re: Re: [PATCH] selftests/bpf: Fix strncpy() fortify warning

On Thu, Oct 27, 2022 at 5:26 PM Rong Tao <rtoax@...mail.com> wrote:
>
> Thanks for your reply, `enable[0] = '\0';` at the beginning and then
> strncat() still has the same compile warning
>
> --- a/tools/testing/selftests/bpf/cgroup_helpers.c
> +++ b/tools/testing/selftests/bpf/cgroup_helpers.c
> @@ -77,7 +77,8 @@ static int __enable_controllers(const char *cgroup_path, const char *controllers
>                 enable[len] = 0;
>                 close(fd);
>         } else {
> -               strncpy(enable, controllers, sizeof(enable));
> +               enable[0] = '\0';
> +               strncat(enable, controllers, sizeof(enable));
>         }
>
> In function ‘__enable_controllers’:
> tools/testing/selftests/bpf/cgroup_helpers.c:81:17: warning: ‘strncat’ specified bound 4097 equals destination size [-Wstringop-truncation]
>    81 |                 strncat(enable, controllers, sizeof(enable));
>       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> tools/testing/selftests/bpf/cgroup_helpers.c:81:17: warning: ‘strncat’ specified bound 4097 equals destination size [-Wstringop-overflow=]
>
> So, i think just add '-1' for strncpy() is a good way.

no, it's not, see my previous email about ending up with
non-zero-terminated C string.

check strncat() API, it leaves the dst string zero terminated, and
yes, you need -1 for strncat as well, your compiler is right

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ