| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <47F53A47-D331-4DC5-8146-7ED09C65177F@linux.dev> Date: Wed, 13 Aug 2025 14:15:50 +0200 From: Thorsten Blum <thorsten.blum@...ux.dev> To: Petr Pavlu <petr.pavlu@...e.com> Cc: Thomas Weißschuh <linux@...ssschuh.net>, Shyam Saini <shyamsaini@...ux.microsoft.com>, Luis Chamberlain <mcgrof@...nel.org>, Dmitry Antipov <dmantipov@...dex.ru>, linux-kernel@...r.kernel.org, linux-modules@...r.kernel.org Subject: Re: [PATCH] params: Replace deprecated strcpy() with strscpy() On 13. Aug 2025, at 13:42, Petr Pavlu wrote: > On 8/13/25 11:33 AM, Thorsten Blum wrote: >> On 13. Aug 2025, at 10:59, Petr Pavlu wrote: >>> Since the code already calculated the length of val and that it fits >>> into kps->string, is there any advantage (or disadvantage) to using >>> strscpy() over memcpy()? >> >> strscpy() guarantees that the destination buffer 'kps->string' is always >> NUL-terminated, even if the source 'val' is not. memcpy() just copies >> the bytes as they are. >> >> If it were guaranteed that 'val' is always NUL-terminated, memcpy() >> would be fine too, but since param_set_copystring() is exported, we >> probably can't make that assumption. > > The function param_set_copystring() checks using > 'strnlen(val, kps->maxlen) == kps->maxlen' if val contains NUL in the > first kps->maxlen bytes. It can use memcpy() instead of strscpy() to > avoid repeating this work. I see, and yes memcpy(kps->string, val, len + 1); would then be slightly more efficient because strscpy() would just recompute the length before calling memcpy() internally. I'll submit a v2. Thanks, Thorsten
Powered by blists - more mailing lists