lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240218195110.1386840-1-rodrigo@sdfg.com.ar>
Date: Sun, 18 Feb 2024 16:51:02 -0300
From: Rodrigo Campos <rodrigo@...g.com.ar>
To: Willy Tarreau <w@....eu>,
	Thomas Weißschuh <linux@...ssschuh.net>
Cc: linux-kernel@...r.kernel.org,
	Rodrigo Campos <rodrigo@...g.com.ar>
Subject: [PATCH v3 0/4] Misc fixes for strlcpy() and strlcat()

As requested by Willy and Thomas[1], here go some more fixes and tests for
strlcpy() and strlcat().

The first patch just fixes the compilation when the compiler might replace some
code with its strlen() implementation, which will not be found. Therefore, we
just export it as that can happen also on user-code, outside of nolibc.

The rest of the commits:
	* Fix the return code of both functions
	* Make sure to always null-terminate the dst buffer
	* Honor the size parameter as documented
	* Add tests for both functions

All has been checked against the corresponding libbsd implementation[2].

Let me know what you think 🙂

---
Changes from v2:
 * Add v3 to the subject, previously I wasn't using v<revision>
 * Make strlcat() and strlcpy() have a shorter size when compiled
 * Make src and dst buffer sizes different in test and add trailing chars, so we
   can easily detect more bugs.

[1]: https://lore.kernel.org/all/9538a8fe-b92f-42a5-99d1-25969cf51647@sdfg.com.ar/
[2]: https://gitlab.freedesktop.org/libbsd/libbsd.git


Rodrigo Campos (4):
  tools/nolibc/string: export strlen()
  tools/nolibc: Fix strlcat() return code and size usage
  tools/nolibc: Fix strlcpy() return code and size usage
  selftests/nolibc: Add tests for strlcat() and strlcpy()

 tools/include/nolibc/string.h                | 47 ++++++++++++--------
 tools/testing/selftests/nolibc/nolibc-test.c | 40 +++++++++++++++++
 2 files changed, 69 insertions(+), 18 deletions(-)

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ