lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7122db54-438e-4c41-a1b5-c919e47d8679@gmail.com>
Date:   Thu, 12 Oct 2023 20:06:12 +0200
From:   Philipp Hortmann <philipp.g.hortmann@...il.com>
To:     Calvince Otieno <calvncce@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     outreachy@...ts.linux.dev, linux-kernel@...r.kernel.org,
        Archana <craechal@...il.com>, Dan Carpenter <error27@...il.com>,
        Simon Horman <horms@...nel.org>,
        Bagas Sanjaya <bagasdotme@...il.com>,
        linux-staging@...ts.linux.dev
Subject: Re: [PATCH v2] staging/wlan-ng: remove strcpy() use in favor of
 strscpy()

On 10/12/23 19:47, Calvince Otieno wrote:
> On Thu, Oct 12, 2023 at 7:42 PM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
>>
>> On Thu, Oct 12, 2023 at 05:01:57PM +0300, Calvince Otieno wrote:
>>> In response to the suggestion by Dan Carpenter on the initial patch,
>>> this patch provides a correct usage of the strscpy() in place of the
>>> current strcpy() implementation.
>>>
>>> strscpy() copies characters from the source buffer to the destination
>>> buffer until one of the following conditions is met:
>>>        - null-terminator ('\0') is encountered in the source string.
>>>        - specified maximum length of the destination buffer is reached.
>>>        - source buffer is exhausted.
>>> Example:
>>>        char dest[11];
>>>        const char *PRISM2_USB_FWFILE = "prism2_ru.fw";
>>>        strscpy(dest, PRISM2_USB_FWFILE, sizeof(dest));
>>>
>>>        In this case, strscpy copies the first 10 characters of src into dest
>>>        and add a null-terminator. dest will then contain "prism2_ru.f" with
>>>        proper null-termination.
>>>
>>> Since the specified length of the dest buffer is not derived from the
>>> dest buffer itself and rather form plug length (s3plug[i].len),
>>> replacing strcpy() with strscpy() is a better option because it will
>>> ensures that the destination string is always properly terminated.
>>>
>>> Signed-off-by: Calvince Otieno <calvncce@...il.com>
>>> ---
Hi,

Greg wants you to add a changelog here below the "---". Can look like this:
v2 : description of changes

Bye Philipp


>>>   drivers/staging/wlan-ng/prism2fw.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/staging/wlan-ng/prism2fw.c b/drivers/staging/wlan-ng/prism2fw.c
>>> index 5d03b2b9aab4..3ccd11041646 100644
>>> --- a/drivers/staging/wlan-ng/prism2fw.c
>>> +++ b/drivers/staging/wlan-ng/prism2fw.c
>>> @@ -725,7 +725,7 @@ static int plugimage(struct imgchunk *fchunk, unsigned int nfchunks,
>>>
>>>                if (j == -1) {  /* plug the filename */
>>>                        memset(dest, 0, s3plug[i].len);
>>> -                     strncpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
>>> +                     strscpy(dest, PRISM2_USB_FWFILE, s3plug[i].len);
>>>                } else {        /* plug a PDR */
>>>                        memcpy(dest, &pda->rec[j]->data, s3plug[i].len);
>>>                }
>>> --
>>> 2.34.1
>>>
>>>
>>
>> Hi,
>>
>> This is the friendly patch-bot of Greg Kroah-Hartman.  You have sent him
>> a patch that has triggered this response.  He used to manually respond
>> to these common problems, but in order to save his sanity (he kept
>> writing the same thing over and over, yet to different people), I was
>> created.  Hopefully you will not take offence and will fix the problem
>> in your patch and resubmit it so that it can be accepted into the Linux
>> kernel tree.
>>
>> You are receiving this message because of the following common error(s)
>> as indicated below:
>>
>> - This looks like a new version of a previously submitted patch, but you
>>    did not list below the --- line any changes from the previous version.
>>    Please read the section entitled "The canonical patch format" in the
>>    kernel file, Documentation/process/submitting-patches.rst for what
>>    needs to be done here to properly describe this.
>>
>> If you wish to discuss this problem further, or you have questions about
>> how to resolve this issue, please feel free to respond to this email and
>> Greg will reply once he has dug out from the pending patches received
>> from other developers.
>>
>> thanks,
>>
>> greg k-h's patch email bot
> 
> 
> 
> Hello Greg,
> 
> I did amend my first commit
> 
> I used the command: git commit --amend -v
> The result of this commit action is what I sent over.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ