| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <21D85D78-EB7B-4C74-861B-43D7EDE350F7@intel.com> Date: Wed, 4 Jun 2014 22:14:05 +0000 From: "Rustad, Mark D" <mark.d.rustad@...el.com> To: Joe Perches <joe@...ches.com> CC: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>, "e1000-devel@...ts.sourceforge.net" <e1000-devel@...ts.sourceforge.net>, "Allan, Bruce W" <bruce.w.allan@...el.com>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com>, "<linux-kernel@...r.kernel.org>" <linux-kernel@...r.kernel.org>, "Ronciak, John" <john.ronciak@...el.com>, Netdev <netdev@...r.kernel.org>, Linux NICS <Linux-nics@...tope.jf.intel.com> Subject: Re: [E1000-devel] [PATCH] net: ethernet: intel: ixgbe: ixgbe_main.c: Cleaning up missing null-terminate after strncpy call On Jun 4, 2014, at 2:55 PM, Joe Perches <joe@...ches.com> wrote: > On Wed, 2014-06-04 at 23:29 +0200, Rickard Strandqvist wrote: >> Added a guaranteed null-terminate after call to strncpy. > > Perhaps all of these should be strlcpy The code that is there seems fine. The length of the array exceeds the length of the literal, and the strncpy ensures that the entire buffer is initialized so no information can possibly leak from the kernel. I think this is fine as it is without any patch. -- Mark Rustad, Networking Division, Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists