| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1362454672.3768.383.camel@deadeye.wl.decadent.org.uk> Date: Tue, 5 Mar 2013 03:37:52 +0000 From: Ben Hutchings <bhutchings@...arflare.com> To: Chen Gang <gang.chen@...anux.com> CC: David Laight <David.Laight@...LAB.COM>, <venkat.x.venkatsubra@...cle.com>, David Miller <davem@...emloft.net>, <rds-devel@....oracle.com>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] net/rds: using strlcpy instead of strncpy On Tue, 2013-03-05 at 11:32 +0800, Chen Gang wrote: > 于 2013年03月05日 11:16, Ben Hutchings 写道: > > I think it is wrong, and the code should be changed to do either: > > > > 1. Zero-initialise the whole of the name, then use strlcpy(). > > 2. Keep using strncpy(), and also set the last byte of name to 0. > > > > I think what I have done is just like your choice "2." > for me, I think they are equal: > > - strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); > + strlcpy(ctr.name, names[i], sizeof(ctr.name)); > > > strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); > + ctr.name[sizeof(ctr.name) - 1] = '\0'; They are not. strncpy() pads with zeroes to the end of the given buffer whereas strlcpy() adds only a single zero byte (and truncates if necessary to fit the zero byte). Ben. -- Ben Hutchings, Staff Engineer, Solarflare Not speaking for my employer; that's the marketing department's job. They asked us to note that Solarflare product names are trademarked. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists