| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4aef09112d0c4a59a1a3fa393af59f37@AcuMS.aculab.com>
Date: Tue, 18 Jul 2023 09:42:13 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Andy Shevchenko' <andriy.shevchenko@...ux.intel.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC: Kees Cook <keescook@...omium.org>
Subject: RE: [PATCH v1 1/1] seq_file: Replace strncpy()+nul by strscpy()
From: Andy Shevchenko
> Sent: 17 July 2023 10:34
...
> #define seq_show_option_n(m, name, value, length) { \
> char val_buf[length + 1]; \
> - strncpy(val_buf, value, length); \
> - val_buf[length] = '\0'; \
> + strscpy(val_buf, value, sizeof(val_buf)); \
> seq_show_option(m, name, val_buf); \
> }
Why the extra double-copy with (potentially) a VLA?
seq_show_option() calls seq_escape_str(),
seq_escape_str calls seq_escape_mem(... strlen(src) ...).
Implement seq_show_option() as seq_show_option_n(... strlen(value))
and use seq_escape_mem() for the value.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists