lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHp75Vf3c0Q7tV8ih5fRL6Bsjr6dhspFe+mxV7xUN=vZ1JdTKQ@mail.gmail.com>
Date: Tue, 6 Feb 2024 17:02:16 +0200
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Shevchenko <andy@...nel.org>, Richard Weinberger <richard@....at>, linux-um@...ts.infradead.org, 
	Justin Stitt <justinstitt@...gle.com>, Anton Ivanov <anton.ivanov@...bridgegreys.com>, 
	Johannes Berg <johannes@...solutions.net>, 
	Willem de Bruijn <willemdebruijn.kernel@...il.com>, Jason Wang <jasowang@...hat.com>, 
	kernel test robot <lkp@...el.com>, Nathan Chancellor <nathan@...nel.org>, 
	Azeem Shaikh <azeemshaikh38@...il.com>, linux-kernel@...r.kernel.org, 
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3 4/4] um: Convert strscpy() usage to 2-argument style

On Tue, Feb 6, 2024 at 4:22 PM Kees Cook <keescook@...omium.org> wrote:
>
> The ARCH=um build has its own idea about strscpy()'s definition. Adjust
> the callers to remove the redundant sizeof() arguments ahead of treewide
> changes, since it needs a manual adjustment for the newly named
> sized_strscpy() export.

..

> -               strscpy(dir, home, sizeof(dir));
> +               strscpy(dir, home);
>                 uml_dir++;
>         }
>         strlcat(dir, uml_dir, sizeof(dir));

An (unrelated) side note: are we going to get rid of strlcat() as well
(after strlcpy() is gone)?

..

>         if (*umid == '\0') {
> -               strscpy(tmp, uml_dir, sizeof(tmp));
> +               strscpy(tmp, uml_dir);
>                 strlcat(tmp, "XXXXXX", sizeof(tmp));

This code is interesting... (Esp. taking into account making a
temporary folder out of this...)

-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ