lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <13330090-9D89-4AAE-B59E-7353AE319654@linux.dev>
Date: Fri, 14 Feb 2025 23:27:00 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: yang.yang29@....com.cn,
 mhiramat@...nel.org,
 linux-kernel@...r.kernel.org,
 linux-trace-kernel@...r.kernel.org,
 xu.panda@....com.cn,
 linux-hardening@...r.kernel.org,
 Justin Stitt <justinstitt@...gle.com>
Subject: Re: [PATCH linux-next] tracing: use strscpy() to instead of strncpy()

Hi Steven,

I was about to submit the same patch when I found this one from 2023.

On 24. Jan 2023, at 18:17, Steven Rostedt wrote:
> So the above will *always* return -E2BIG *and* not end buf[] with '\0' as
> if strscpy() returns -E2BIG, then buf[] is not guaranteed to be
> NUL-terminated.

The return value is not used and the strscpy() documentation in
linux/string.h says:

"The destination @dst buffer is always NUL terminated, unless it's zero-
sized." and "Preferred to strncpy() since it always returns a valid
string, ..."

Has strscpy() changed since 2023 or could this patch be revisited? I saw
that Justin also made an effort in September 2024 [1] to revisit it and
to remove the deprecated strncpy() here.

> NACK!
> 
> -- Steve

Thanks,
Thorsten

[1] https://lore.kernel.org/r/yhv3rzg6vhgwage27cyvg72t4vwf5x3tdtj3zjipryzvz3u55x@c33q753uxyi3/
Cc: linux-hardening@...r.kernel.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ