lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 25 Sep 2023 15:18:56 +0300 (EEST)
From:   Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To:     "Fernando Eckhardt Valle (FIPT)" <fevalle@....br>
cc:     Hans de Goede <hdegoede@...hat.com>,
        Mark Pearson <mpearson-lenovo@...ebb.ca>,
        "corbet@....net" <corbet@....net>,
        "hmh@....eng.br" <hmh@....eng.br>,
        "markgross@...nel.org" <markgross@...nel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "ibm-acpi-devel@...ts.sourceforge.net" 
        <ibm-acpi-devel@...ts.sourceforge.net>,
        "platform-driver-x86@...r.kernel.org" 
        <platform-driver-x86@...r.kernel.org>
Subject: Re: [PATCH v4] platform/x86: thinkpad_acpi: sysfs interface to
 auxmac

On Fri, 22 Sep 2023, Fernando Eckhardt Valle (FIPT) wrote:

> Thanks for the feedback again!
> 
> > Okay, I wasn't expecting this change as this relies on the nul termination
> > by strscpy() since the original buffer does not have one but the #
> > character there. But I guess it isn't harmful either.
> Yes, precisely because strscpy() put the 'nul terminator' I thought it 
> would be ok. In the tests I did, everything always worked fine too.

It was a bit unorthodox way to take advantage of the way strscpy() works
but like I said, doesn't look harmful.

> >  AUXMAC_START is an offset ??? It should be AUXMAC_LEN.
>
> I thought that since the string 'disabled' has length 8, then I would 
> use AUXMAC_START which is defined as 9 , because that way strscpy would 
> copy the 8 characters of 'disabled' + the nul terminator. Wouldn't that 
> be correct? Or would it be better to use AUXMAC_LEN which is defined to 
> 12? 

strscpy() is takes the size of the destination:

 * @size: Size of destination buffer

...so please use AUXMAC_LEN.

In anycase, "disabled" as the source is itself nul-terminated so strscpy() 
won't copy beyond its length.


-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ