| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHp75Vcp_RmibkkSW1dCcypKU3okyRXbj8JrbRVFtErhuuAWJg@mail.gmail.com>
Date: Fri, 9 Dec 2022 11:14:27 +0200
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: yang.yang29@....com.cn
Cc: steve.wahl@....com, mike.travis@....com, dimitri.sivanich@....com,
russ.anderson@....com, dvhart@...radead.org, andy@...radead.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
xu.panda@....com.cn
Subject: Re: [PATCH linux-next v3] x86/platform/uv: use strscpy to instead of strncpy()
On Fri, Dec 9, 2022 at 9:45 AM <yang.yang29@....com.cn> wrote:
>
> From: Xu Panda <xu.panda@....com.cn>
>
> The implementation of strscpy() is more robust and safer.
> That's now the recommended way to copy NUL terminated strings.
...
> + strscpy(arg, val, strnchrnul(val, ACTION_LEN - 1, '\n') - val + 1);
Instead of -1 +1 you should simply use the sizeof(arg) as I mentioned.
strscpy(arg, val, strnchrnul(val, sizeof(arg), '\n') - val);
The returned pointer by strnchrnul() either points to the '\n' or to
'\0' and when we subtract pointer to the start we will get the exact
length of the string. In case it equals ACTION_LEN the last character
will be replaced by '\0'.
Where am I mistaken?
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists