| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAO9wTFgGgoEs08PazyWvnRyEQ4tvdCgjvtLNnzX_6Ov-RjU4Rg@mail.gmail.com> Date: Fri, 18 Jul 2025 21:48:42 +0530 From: Suchit K <suchitkarunakaran@...il.com> To: Andrii Nakryiko <andrii.nakryiko@...il.com> Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org, skhan@...uxfoundation.org, linux-kernel-mentees@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH] libbpf: Replace strcpy() with memcpy() in bpf_object__new() On Fri, 18 Jul 2025 at 21:09, Andrii Nakryiko <andrii.nakryiko@...il.com> wrote: > > On Thu, Jul 17, 2025 at 10:33 AM Suchit K <suchitkarunakaran@...il.com> wrote: > > > > > This is user-space libbpf code, where the API contract mandates that > > > the path argument is a well-formed zero-terminated C string. Plus, if > > > you look at the few lines above, we allocate just enough space to fit > > > the entire contents of the string without truncation. > > > > > > In other words, there is nothing to fix or improve here. > > > > > > > Even though it’s safe in this context, would it still be a good idea > > to replace strcpy() with something like memcpy() since it's > > no, there is no need. And keep in mind that this is libbpf library > source code, which is developed as part of kernel repo, but isn't > running inside the kernel itself > Yup got it. Thank you so much for the clarification.
Powered by blists - more mailing lists