Message-ID: <cb862288-51be-443e-b770-ed2273978daa@kernel.org>
Date: Fri, 28 Feb 2025 21:37:10 +0000
From: Quentin Monnet <qmo@...nel.org>
To: Michael Estner <michaelestner@....de>, ast@...nel.org,
 daniel@...earbox.net
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH] bpftool: Replace strncpy with strscpy

2025-02-28 19:18 UTC+0100 ~ Michael Estner <michaelestner@....de>
> strncpy() is deprecated for NUL-terminated destination buffers. Use
> strscpy() instead and remove the manual NUL-termination.
> 
> Compile-tested only.


How? The change does _not_ compile in my case:

	$ cd tool/bpf/bpftool
	$ make -j
	[...]
	/usr/bin/ld: xlated_dumper.o: in function `print_insn_json':
	xlated_dumper.c:(.text+0x1f6): undefined reference to `strscpy'
	collect2: error: ld returned 1 exit status
	make: *** [Makefile:254: bpftool] Error 1

(Besides, this code should be rather easy to test, so running it is
appreciated.)

strscpy() has been proposed for bpftool a few times in the past, but
bpftool is a user space utility and does not currently #include header
linux/string.h. If we wanted to use strscpy(), we'd likely need to use
this header, and also to copy the definition of the function to the
GitHub mirror. Given that - as far as I know - the current use of
strncpy() is not broken, I'm not sure this is worth the effort.


> Link: https://github.com/KSPP/linux/issues/90


I note that this Issue provides a command for looking for strncpy()
instances to replace, but this command filters out occurrences that are
under tools/:

	"git grep ... | grep -vE '^(Documentation|tools|...) ..."

Thanks,
Quentin
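
As an added illustration (not part of the original message, and not code from bpftool or the kernel): the strncpy() plus manual NUL-termination pattern the quoted commit message refers to, next to a hypothetical user-space helper with strscpy()-like behaviour, meaning it always NUL-terminates and reports truncation as -E2BIG. The function names, buffer size and sample strings are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pattern from the commit message: strncpy() with manual NUL-termination.
 * The result is always terminated, but truncation is silent. */
static void copy_strncpy(char *dst, const char *src, size_t size)
{
	strncpy(dst, src, size - 1);
	dst[size - 1] = '\0';
}

/* Hypothetical user-space helper with strscpy()-like semantics: always
 * NUL-terminates (when size > 0) and returns the number of bytes copied,
 * or -E2BIG if src did not fit. */
static long copy_strscpy_like(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size - 1 && src[i]; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	/* If src still has bytes left at this point, it was truncated. */
	return src[i] ? -E2BIG : (long)i;
}

int main(void)
{
	/* Constructed sample input, longer than the destination buffer. */
	const char *src = "call bpf_map_lookup_elem";
	char a[8], b[8];
	long ret;

	copy_strncpy(a, src, sizeof(a));
	ret = copy_strscpy_like(b, src, sizeof(b));
	printf("strncpy pattern: \"%s\" (no truncation signal)\n", a);
	printf("strscpy-like:    \"%s\" (ret=%ld)\n", b, ret);
	return 0;
}
```

Both copies produce the same terminated string; the only behavioural difference is that the second one tells the caller when the source was cut short.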
