lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2a603886-332c-9b2b-45fa-3dea8f4162f@inria.fr>
Date:   Fri, 13 Oct 2023 12:16:41 +0200 (CEST)
From:   Julia Lawall <julia.lawall@...ia.fr>
To:     Dan Carpenter <dan.carpenter@...aro.org>
cc:     Calvince Otieno <calvncce@...il.com>, outreachy@...ts.linux.dev,
        linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Luke Koch <lu.ale.koch@...il.com>,
        Bagas Sanjaya <bagasdotme@...il.com>,
        Simon Horman <horms@...nel.org>, linux-staging@...ts.linux.dev
Subject: Re: [PATCH v4] staging: wlan-ng: replace  strncpy() with strscpy()



On Fri, 13 Oct 2023, Dan Carpenter wrote:

> On Fri, Oct 13, 2023 at 12:54:26PM +0300, Calvince Otieno wrote:
> > Checkpatch suggests the use of  strscpy() instead of strncpy().

Since Dan suggested another change, you could also drop the extra space
before strscpy in the line above.

julia

> > The advantages are that it always adds a NUL terminator and it prevents
> > a read overflow if the src string is not properly terminated.  One
> > potential disadvantage is that it doesn't zero pad the string like
> > strncpy() does.
> >
> > In this code, strscpy() and strncpy() are equivalent and it does not
> > affect runtime behavior.  The string is zeroed on the line before
> > using memset().  The resulting string was always NUL terminated and
> > PRISM2_USB_FWFILE is string literal "prism2_ru.fw" so it's NUL
> > terminated.
> >
> > However, even though using strscpy() does not fix any bugs, it's
> > still nicer and makes checkpatch happy.
> >
> > Signed-off-by: Calvince Otieno <calvncce@...il.com>
> > ---
> > Patch version v4:
> > 	Provide a valid description of the patch
>
> Good.
>
> However, you've still included the v1 patch...  See below.  Don't do
> that.
>
> regards,
> dan carpenter
>
> > Patch version v1:
> >         Replacing strncpy() with strscpy()
> >
> >  drivers/staging/wlan-ng/prism2fw.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/staging/wlan-ng/prism2fw.c b/drivers/staging/wlan-ng/prism2fw.c
> > index 5d03b2b9aab4..57a99dd12143 100644
> > --- a/drivers/staging/wlan-ng/prism2fw.c
> > +++ b/drivers/staging/wlan-ng/prism2fw.c
> > @@ -725,7 +725,7 @@ static int plugimage(struct imgchunk *fchunk, unsigned int nfchunks,
> >
> >                 if (j == -1) {  /* plug the filename */
> >                         memset(dest, 0, s3plug[i].len);
> > -                       strncpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
> > +                       strscpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
> >                 } else {        /* plug a PDR */
> >                         memcpy(dest, &pda->rec[j]->data, s3plug[i].len);
> >                 }
> >
> > --
> > Calvince Otieno
> >
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ