lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 Apr 2024 12:53:04 -0700
From: Justin Stitt <justinstitt@...gle.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Arnd Bergmann <arnd@...nel.org>, linux-kernel@...r.kernel.org, 
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 05/11] test_hexdump: avoid string truncation warning

Hi,

On Mon, Apr 8, 2024 at 8:38 AM Arnd Bergmann <arnd@...db.de> wrote:
>
> You are correct. I do understand the nuances between strncpy()
> and strscpy(), but I failed to read this file properly.

Arnd, I know you understand these differences. I did not intend to
patronize, so sorry about that. My intention was to provide ample
context for future travelers/reviewers. These replacements can be
tricky sometimes.

>
> I'm still not entirely sure, but from my current reading, I think
> we can just use memcpy() to replace the strncpy() here, as both
> the input string data_b[] and the output real[TEST_HEXDUMP_BUF_SIZE]
> are sized to cover every possible 'len' value. This also follows
> what Linus did for the other original strncpy in b1286ed7158e
> ("test_hexdump: use memcpy instead of strncpy()").
>
> I've reworked the patch based on that assumption now and rewritten
> the changelog text accordingly.

Great! This helps towards https://github.com/KSPP/linux/issues/90

>
>      Arnd

Thanks
Justin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ