lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <46710CF0-8AAA-464F-931D-BE809D0DDBE6@linux.dev>
Date: Fri, 15 Aug 2025 16:56:14 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Daniel Thompson <daniel@...cstar.com>
Cc: Doug Anderson <dianders@...omium.org>,
 Jason Wessel <jason.wessel@...driver.com>,
 Daniel Thompson <danielt@...nel.org>,
 Justin Stitt <justinstitt@...gle.com>,
 linux-hardening@...r.kernel.org,
 kgdb-bugreport@...ts.sourceforge.net,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kdb: Replace deprecated strcpy() with memmove() in
 vkdb_printf()

On 15. Aug 2025, at 16:32, Daniel Thompson wrote:
> On Tue, Aug 12, 2025 at 09:24:55AM -0700, Doug Anderson wrote:
>> 
>> On Tue, Aug 12, 2025 at 6:27 AM Thorsten Blum wrote:
>>> 
>>> strcpy() is deprecated and its behavior is undefined when the source and
>>> destination buffers overlap. Use memmove() instead to avoid any
>>> undefined behavior.
>>> 
>>> Adjust comments for clarity.
>>> 
>>> Link: https://github.com/KSPP/linux/issues/88
>>> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
>>> ---
>>> Changes in v2:
>>> - Use memmove() because of strcpy()'s undefined behavior with
>>>  overlapping buffers as suggested by Doug Anderson
>>> - Compile-tested only
>>> - Link to v1: https://lore.kernel.org/lkml/20250811170351.68985-1-thorsten.blum@linux.dev/
>>> ---
>>> kernel/debug/kdb/kdb_io.c | 14 ++++++++------
>>> 1 file changed, 8 insertions(+), 6 deletions(-)
>> 
>> Much nicer, thank you!
>> 
>> Given that the old code was officially relying on undefined behavior
>> of strcpy() before, I'd personally even add:
>> 
>> Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
>> 
>> In any case:
>> 
>> Reviewed-by: Douglas Anderson <dianders@...omium.org>
> 
> LGTM... and I agree that this is bug rather than a clean up so am
> waiting to hear back on the Fixes: .

Yes, the Fixes: tag is fine, of course. Thanks!

How about backporting this to stable?

Best,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ