| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f6c4944d-c6c2-4a7e-8dd3-791d0c29022b@linux.dev>
Date: Thu, 17 Jul 2025 09:49:07 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Suchit Karunakaran <suchitkarunakaran@...il.com>, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev,
eddyz87@...il.com, song@...nel.org, john.fastabend@...il.com,
kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org,
bpf@...r.kernel.org
Cc: skhan@...uxfoundation.org, linux-kernel-mentees@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] libbpf: Replace strcpy() with memcpy() in
bpf_object__new()
On 7/17/25 4:59 AM, Suchit Karunakaran wrote:
> Replace the unsafe strcpy() call with memcpy() when copying the path
> into the bpf_object structure. Since the memory is pre-allocated to
> exactly strlen(path) + 1 bytes and the length is already known, memcpy()
> is safer than strcpy().
I don't understand in this particular context why strcpy()
is less safer than memcpy(). Both of them will achieve the
exactly same goal.
>
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@...il.com>
> ---
> tools/lib/bpf/libbpf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 52e353368f58..279f226dd965 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -1495,7 +1495,7 @@ static struct bpf_object *bpf_object__new(const char *path,
> return ERR_PTR(-ENOMEM);
> }
>
> - strcpy(obj->path, path);
> + memcpy(obj->path, path, strlen(path) + 1);
> if (obj_name) {
> libbpf_strlcpy(obj->name, obj_name, sizeof(obj->name));
> } else {
Powered by blists - more mailing lists