lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aIUJTK4JOxo0lDv0@fjasle.eu>
Date: Sat, 26 Jul 2025 18:59:13 +0200
From: Nicolas Schier <nicolas.schier@...ux.dev>
To: Suchit K <suchitkarunakaran@...il.com>
Cc: masahiroy@...nel.org, linux-kbuild@...r.kernel.org,
	linux-kernel@...r.kernel.org, skhan@...uxfoundation.org
Subject: Re: [PATCH] kconfig/lxdialog: replace strcpy() with strscpy() in
 inputbox.c

On Fri, Jul 25, 2025 at 08:06:35PM +0530 Suchit K wrote:
> > Did you compile-test this?  strscpy() is not available for user-space.
> >
> 
> Hi,
> Apologies. I didn't compile the change earlier since it was just a
> replacement of strcpy with strscpy, and I completely forgot that I was
> working with userspace tools. After seeing your comment, I tried
> compiling it and I encountered an error. Would it be more appropriate
> to use memcpy or strlcpy instead in this case? I'd really appreciate
> your guidance on the correct approach here. Thank you!

For the concrete code I'd use strlcpy, for some other uses of strcpy in
scripts/kconfig/ I'd probably choose differently.

As Franko already wrote: it would be nice if you could also send patches
for the other strcpy calls below scripts/kconfig/.

But please always compile and test your changes.

Thanks and kind regards
Nicolas


-- 
epost|xmpp: nicolas@...sle.eu          irc://oftc.net/nsc
↳ gpg: 18ed 52db e34f 860e e9fb  c82b 7d97 0932 55a0 ce7f
     -- frykten for herren er opphav til kunnskap --

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ