lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <0BB3AC5A-5B9B-4149-90CA-80171B8B0A48@linux.dev>
Date: Fri, 15 Aug 2025 12:48:02 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Doug Anderson <dianders@...omium.org>
Cc: Jason Wessel <jason.wessel@...driver.com>,
 Daniel Thompson <danielt@...nel.org>,
 Nir Lichtman <nir@...htman.org>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Yuran Pereira <yuran.pereira@...mail.com>,
 linux-hardening@...r.kernel.org,
 Daniel Thompson <daniel@...cstar.com>,
 kgdb-bugreport@...ts.sourceforge.net,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kdb: Replace deprecated strcpy() with strscpy() and
 memcpy()

Hi Doug,

On 15. Aug 2025, at 04:05, Doug Anderson wrote:
> Let's think about some test cases...
> 
> Old code:
> mp->usage = kdb_strdup(argv[2], GFP_KDB);
> if (mp->usage[0] == '"') {
>  strcpy(mp->usage, argv[2]+1);
>  mp->usage[strlen(mp->usage)-1] = '\0';
> }
> 
> New code:
> mp->usage = kdb_strdup(argv[2], GFP_KDB);
> if (mp->usage[0] == '"')
>  strscpy(mp->usage, argv[2] + 1, strlen(argv[2]) - 1);
> 
> Example string: argv[2] = "\"xyz\""
> 
> Old:
>  mp->usage = strdup("\"xyz\"")
>  mp->usage becomes "xyz\""
>  mp->usage becomes "xyz"
> 
> New:
>  mp->usage = strdup("\"xyz\"")
>  mp->usage becomes "xyz\""
>  mp->usage doesn't change (!)
> 
> To match old behavior, I think you'd need "strlen(argv[2]) - 2", right?

No, it should be "strlen(argv[2]) - 1" to match the old behavior.

In the new code, there are only two steps instead of three.

With your example source string "\"xyz\"" in argv[2]:

	strscpy(mp->usage, argv[2] + 1, strlen(argv[2]) - 1)

evaluates to:

	strscpy(mp->usage, "xyz\"", strlen("\"xyz\"") - 1)

strlen("\"xyz\"") is 5, so this becomes:

	strscpy(mp->usage, "xyz\"", 4)

Unlike strcpy(), strscpy() copies at most 'size - 1' characters and then
appends a NUL terminator. In the example, it copies only the first three
bytes (xyz) and then appends a NUL terminator, effectively replacing the
trailing quote. The result is "xyz", the same as before.

Thanks,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ