lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <fad888cb3cdc4a05b091bf22711479b0@AcuMS.aculab.com>
Date:   Mon, 10 Aug 2020 08:15:48 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     "'luobin (L)'" <luobin9@...wei.com>,
        Kees Cook <keescook@...omium.org>
CC:     David Miller <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "luoxianjun@...wei.com" <luoxianjun@...wei.com>,
        "yin.yinshi@...wei.com" <yin.yinshi@...wei.com>,
        "cloud.wangxiaoyun@...wei.com" <cloud.wangxiaoyun@...wei.com>,
        "chiqijun@...wei.com" <chiqijun@...wei.com>
Subject: RE: [PATCH net-next v1] hinic: fix strncpy output truncated compile
 warnings

> Thanks for your explanation and review. I haven't realized using strncpy() on NUL-terminated strings
> is deprecated
> and just trying to avoid the compile warnings. The website you provide helps me a lot. Thank you very
> much!

Never try to remove compile-time warnings without understanding
what  the code it doing.

The basic problem is that strncpy() almost [1] never does what you want.
It really expects it's input string to be '\0' terminated but
doesn't guarantee the output will be, and also (typically) wastes
cpu cycles zero filling the output buffer.

Someone then defined strscpy() as an alternative, it guarantees
to '\0' the output and doesn't zero fill - which can be an issue.
However strscpy() has it's own problems, the return value is
defined to be the length of the input string - which absolutely
requires it be '\0' terminated. With 'unknown' input this can
page fault!

[1] This fragment looked wrong, but was right!
	strncpy(dest, src, sizeof src);
Naive conversion to remove the strncpy() broke it.
In fact 'dest' was 1 byte longer than 'src' and already
zero filled, 'src' might not have been '\0' terminated.
It is about the only time strncpy() is what you want!

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ