Date: Mon, 29 Jan 2024 15:15:12 +0100
From: Rodrigo Campos <rodrigo@...g.com.ar>
To: Willy Tarreau <w@....eu>,
	Thomas Weißschuh <linux@...ssschuh.net>
Cc: linux-kernel@...r.kernel.org,
	Rodrigo Campos <rodrigo@...g.com.ar>
Subject: [PATCH 0/4] tools/nolibc: Misc fixes for strlcpy() and strlcat()

As requested by Willy and Thomas[1], here go some more fixes and tests for
strlcpy() and strlcat().

From the previous discussion, I understand that we want to apply the first patch
(export strlen()) as is, I've included it again here just in case. Maybe we should just include the
-Wl,--gc-sections in the nolibc.h comment about the flags to use when compiling?

The rest of the commits are quite simple too, they just:
	* Fix the return code of both functions
	* Make sure to always null-terminate the dst buffer
	* Don't copy more than what size allows us (this handles the size=0 case
	  for free too)

All has been checked against the corresponding libbsd implementation[2].

I thought the manpage was clear, but when checking against that, I noted a few
twists (like the manpage says the return code of strlcat is strlen(src) +
strlen(dst), but it was not clear it is not that if size < strlen(dst). When
looking at the libbsd implementation and re-reading the manpage, I understood
what it really meant).

Let me know what you think :)

Best,
Rodrigo


[1]: https://lore.kernel.org/all/9538a8fe-b92f-42a5-99d1-25969cf51647@sdfg.com.ar/
[2]: https://gitlab.freedesktop.org/libbsd/libbsd.git


Rodrigo Campos (4):
  tools/nolibc/string: export strlen()
  tools/nolibc: Fix strlcat() return code and size usage
  tools/nolibc: Fix strlcpy() return code and size usage
  selftests/nolibc: Add tests for strlcat() and strlcpy()

 tools/include/nolibc/string.h                | 25 +++++++-------
 tools/testing/selftests/nolibc/nolibc-test.c | 34 ++++++++++++++++++++
 2 files changed, 47 insertions(+), 12 deletions(-)

-- 
2.43.0
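
Added example, not part of the original message or of the nolibc patches: a C illustration of the strlcpy()/strlcat() contract the cover letter lists (return value, bounded copy, NUL termination, and the size < strlen(dst) case), following the BSD strlcpy(3) manpage. The ex_ function names and the sample buffers are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names (ex_*) to avoid clashing with libc; semantics follow
 * the BSD strlcpy(3)/strlcat(3) manpage, not the nolibc patch itself. */

/* Copy at most size-1 bytes, NUL-terminate if size > 0, return strlen(src). */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;  /* a result >= size means the copy was truncated */
}

/* Append within size bytes total; return the length it tried to create. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    size_t dstlen = 0;

    /* Bounded scan: never read past size bytes looking for dst's NUL. */
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)          /* no room at all: dst is left untouched */
        return size + srclen;    /* not strlen(dst) + strlen(src) */

    size_t room = size - dstlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

int main(void)
{
    char buf[8] = "abc";   /* constructed sample input */
    size_t r = ex_strlcat(buf, "defghij", sizeof(buf));
    printf("%zu %s truncated=%d\n", r, buf, r >= sizeof(buf));
    r = ex_strlcat(buf, "x", 4);          /* size < strlen(dst) */
    printf("%zu %s\n", r, buf);
    return 0;
}
```

Callers detect truncation by comparing the return value against size; a caller that ignores it silently continues with a shortened string.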

