lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAD=FV=V06iHUurHQYN07ri=2-5tHon3G2OMnT1rtZ2Qp7EAW+w@mail.gmail.com>
Date: Fri, 15 Aug 2025 07:32:40 -0700
From: Doug Anderson <dianders@...omium.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Jason Wessel <jason.wessel@...driver.com>, Daniel Thompson <danielt@...nel.org>, 
	Nir Lichtman <nir@...htman.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
	Yuran Pereira <yuran.pereira@...mail.com>, linux-hardening@...r.kernel.org, 
	Daniel Thompson <daniel@...cstar.com>, kgdb-bugreport@...ts.sourceforge.net, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kdb: Replace deprecated strcpy() with strscpy() and memcpy()

Hi,

On Fri, Aug 15, 2025 at 3:48 AM Thorsten Blum <thorsten.blum@...ux.dev> wrote:
>
> Hi Doug,
>
> On 15. Aug 2025, at 04:05, Doug Anderson wrote:
> > Let's think about some test cases...
> >
> > Old code:
> > mp->usage = kdb_strdup(argv[2], GFP_KDB);
> > if (mp->usage[0] == '"') {
> >  strcpy(mp->usage, argv[2]+1);
> >  mp->usage[strlen(mp->usage)-1] = '\0';
> > }
> >
> > New code:
> > mp->usage = kdb_strdup(argv[2], GFP_KDB);
> > if (mp->usage[0] == '"')
> >  strscpy(mp->usage, argv[2] + 1, strlen(argv[2]) - 1);
> >
> > Example string: argv[2] = "\"xyz\""
> >
> > Old:
> >  mp->usage = strdup("\"xyz\"")
> >  mp->usage becomes "xyz\""
> >  mp->usage becomes "xyz"
> >
> > New:
> >  mp->usage = strdup("\"xyz\"")
> >  mp->usage becomes "xyz\""
> >  mp->usage doesn't change (!)
> >
> > To match old behavior, I think you'd need "strlen(argv[2]) - 2", right?
>
> No, it should be "strlen(argv[2]) - 1" to match the old behavior.
>
> In the new code, there are only two steps instead of three.
>
> With your example source string "\"xyz\"" in argv[2]:
>
>         strscpy(mp->usage, argv[2] + 1, strlen(argv[2]) - 1)
>
> evaluates to:
>
>         strscpy(mp->usage, "xyz\"", strlen("\"xyz\"") - 1)
>
> strlen("\"xyz\"") is 5, so this becomes:
>
>         strscpy(mp->usage, "xyz\"", 4)
>
> Unlike strcpy(), strscpy() copies at most 'size - 1' characters and then
> appends a NUL terminator. In the example, it copies only the first three
> bytes (xyz) and then appends a NUL terminator, effectively replacing the
> trailing quote. The result is "xyz", the same as before.

Ugh, I missed that strscpy() implicitly takes away an extra character.
So, yes, your version does appear correct in that sense. It's
definitely non-obvious and I agree with Daniel that it doesn't feel
like the right way to use strscpy().

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ