| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <4916492F-AE8D-4153-B268-39B86A8CF57F@linux.dev> Date: Fri, 28 Feb 2025 09:33:04 +0100 From: Thorsten Blum <thorsten.blum@...ux.dev> To: Guenter Roeck <linux@...ck-us.net> Cc: Jean Delvare <jdelvare@...e.com>, Jerome Brunet <jbrunet@...libre.com>, Patryk Biel <pbiel7@...il.com>, Ninad Palsule <ninad@...ux.ibm.com>, Peter Zijlstra <peterz@...radead.org>, Patrick Rudolph <patrick.rudolph@...ements.com>, linux-hardening@...r.kernel.org, linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] hwmon: (pmbus/core) Replace deprecated strncpy() with strscpy() On 27. Feb 2025, at 23:37, Guenter Roeck wrote: > On 2/27/25 09:39, Thorsten Blum wrote: >> strncpy() is deprecated for NUL-terminated destination buffers; use >> strscpy() instead. >> Compile-tested only. >> Link: https://github.com/KSPP/linux/issues/90 >> Cc: linux-hardening@...r.kernel.org >> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev> >> --- > > What guarantees that strlen(lstring) < sizeof(label->label) ? Hi Guenter, I don't think it matters for this patch. If lstring >= label, strscpy() behaves the same as strncpy() because the size argument is now one byte larger. If lstring < label, strscpy() NUL-terminates the destination buffer, but doesn't add NUL-padding compared to strncpy(). However, this doesn't matter because label is already zero-initialized. Thanks, Thorsten
Powered by blists - more mailing lists