lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 19 Feb 2024 21:48:21 +0100
From: Willy Tarreau <w@....eu>
To: Rodrigo Campos <rodrigo@...g.com.ar>
Cc: Thomas Weißschuh <linux@...ssschuh.net>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/4] Misc fixes for strlcpy() and strlcat()

Hi Rodrigo,

On Sun, Feb 18, 2024 at 04:51:02PM -0300, Rodrigo Campos wrote:
> As requested by Willy and Thomas[1], here go some more fixes and tests for
> strlcpy() and strlcat().
> 
> The first patch just fixes the compilation when the compiler might replace some
> code with its strlen() implementation, which will not be found. Therefore, we
> just export it as that can happen also on user-code, outside of nolibc.
> 
> The rest of the commits:
> 	* Fix the return code of both functions
> 	* Make sure to always null-terminate the dst buffer
> 	* Honor the size parameter as documented
> 	* Add tests for both functions
> 
> All has been checked against the corresponding libbsd implementation[2].
> 
> Let me know what you think ?

This time everything looked good to me and I queued them into the fixes
branch since they address a real corner-case bug. I finally decided not
to change your comment for '/*' on a single line because it turns out
that the file in question almost exclusively uses the shorter, net-style
comments like you did, and you were probably inspired by the surrounding
ones.

Many thanks for your work and your patience ;-)
Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ