lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <642f50b8.170a0220.95ab9.859f@mx.google.com>
Date:   Thu, 6 Apr 2023 16:07:35 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Alexander Potapenko <glider@...gle.com>
Cc:     linux-hardening@...r.kernel.org, Kees Cook <kees@...flux.net>,
        Andy Shevchenko <andy@...nel.org>,
        Cezary Rojewski <cezary.rojewski@...el.com>,
        Puyou Lu <puyou.lu@...il.com>, Mark Brown <broonie@...nel.org>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Brendan Higgins <brendan.higgins@...ux.dev>,
        David Gow <davidgow@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Zhaoyang Huang <zhaoyang.huang@...soc.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Miguel Ojeda <ojeda@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Liam Howlett <liam.howlett@...cle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Yury Norov <yury.norov@...il.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Sander Vanheule <sander@...nheule.net>,
        Eric Biggers <ebiggers@...gle.com>,
        "Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
        Andrey Konovalov <andreyknvl@...il.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Daniel Latypov <dlatypov@...gle.com>,
        José Expósito <jose.exposito89@...il.com>,
        linux-kernel@...r.kernel.org, kunit-dev@...glegroups.com
Subject: Re: [PATCH 3/9] string: Add Kunit tests for strcat() family

On Thu, Apr 06, 2023 at 11:11:09AM +0200, Alexander Potapenko wrote:
> > +static void strncat_test(struct kunit *test)
> > +{
> > +       char dest[8];
> > +
> > +       /* Destination is terminated. */
> > +       memset(dest, 0, sizeof(dest));
> > +       KUNIT_EXPECT_EQ(test, strlen(dest), 0);
> > +       /* Empty copy of size 0 does nothing. */
> > +       KUNIT_EXPECT_TRUE(test, strncat(dest, "", 0) == dest);
> > +       KUNIT_EXPECT_STREQ(test, dest, "");
> > +       /* Empty copy of size 1 does nothing too. */
> > +       KUNIT_EXPECT_TRUE(test, strncat(dest, "", 1) == dest);
> > +       KUNIT_EXPECT_STREQ(test, dest, "");
> > +       /* Copy of max 0 characters should do nothing. */
> > +       KUNIT_EXPECT_TRUE(test, strncat(dest, "asdf", 0) == dest);
> > +       KUNIT_EXPECT_STREQ(test, dest, "");
> > +
> > +       /* 4 characters copied in, even if max is 8. */
> > +       KUNIT_EXPECT_TRUE(test, strncat(dest, "four\000123", 8) == dest);
> > +       KUNIT_EXPECT_STREQ(test, dest, "four");
> > +       KUNIT_EXPECT_EQ(test, dest[5], '\0');
> 
> Maybe also add a test case for strncat(dest, "four", 4) that checks
> that the fourth byte of dest is not 0?

I think I don't understand what state you want to test for? The line
above (STREQ is checking dest is "four". Maybe I should check for
dest[6] being 0 as well as dest[5]. But if that's not what you mean, I'm
not sure. Is it something here:

char dest[16];
memset(dest, 0, sizeof(dest));
// dest == ""
strncat(dest, "four", 4);
// dest == "four"
strncat(dest, "four", 4);
// dest == "fourfour"

strncat's "n" is how much to reach from source -- dest will always be
terminated.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ