| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <93578759.11447.1757322260340.JavaMail.zimbra@nod.at> Date: Mon, 8 Sep 2025 11:04:20 +0200 (CEST) From: Richard Weinberger <richard@....at> To: Miquel Raynal <miquel.raynal@...tlin.com> Cc: Rahul Kumar <rk0006818@...il.com>, Vignesh Raghavendra <vigneshr@...com>, linux-mtd <linux-mtd@...ts.infradead.org>, linux-kernel <linux-kernel@...r.kernel.org>, linux-kernel-mentees@...ts.linux.dev, Shuah Khan <skhan@...uxfoundation.org>, pratyush <pratyush@...nel.org> Subject: Re: [PATCH v2] mtd: sm_ftl: replace strncpy with memcpy ----- Ursprüngliche Mail ----- > Von: "Miquel Raynal" <miquel.raynal@...tlin.com> > An: "Rahul Kumar" <rk0006818@...il.com> >> - strncpy(buf, sm_attr->data, sm_attr->len); >> - return sm_attr->len; >> + memcpy(buf, sm_attr->data, sm_attr->len); >> + buf[sm_attr->len] = '\0'; >> + return sm_attr->len + 1; > > Are we sure the buffer is always sm_attr->len + 1 long? Can we please just stop messing with perfectly fine code? I'm sick of the war on string functions. First we had to replace everything with strncpy(), then strlcpy(), then strscpy(), ... Don't get me wrong, I'm all for hardening code paths where strings are arbitrary input, but in many of these cases all strings are no input or already sanitized. Thanks, //richard
Powered by blists - more mailing lists