lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230113112817.623f58fa@kernel.org>
Date:   Fri, 13 Jan 2023 11:28:17 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     <yang.yang29@....com.cn>
Cc:     <santosh.shilimkar@...cle.com>, <davem@...emloft.net>,
        <edumazet@...gle.com>, <pabeni@...hat.com>,
        <netdev@...r.kernel.org>, <linux-rdma@...r.kernel.org>,
        <rds-devel@....oracle.com>, <linux-kernel@...r.kernel.org>,
        <xu.panda@....com.cn>
Subject: Re: [PATCH net-next v2] net/rds: use strscpy() to instead of
 strncpy()

On Fri, 13 Jan 2023 15:13:12 +0800 (CST) yang.yang29@....com.cn wrote:
> > What are the differences in behavior between strncpy() and strscpy()?  
> 
> Strscpy() makes the dest string NUL-terminated, and returns more
> useful value. While strncpy() can initialize the dest string.
> 
> Here we use strscpy() to make dest string NUL-terminated, and use
> return value to check src string size and dest string size. This make
> the code simpler.

I'm not sure whether in this particular case the output needs 
to be padded or not. And I'm not sure you understand what the
implications are.

The code is fine as is, and I don't trust that you know what 
you're doing. So please don't send any more strncpy() -> strscpy()
conversions for networking.

If you want to do something useful please start with adding a check 
to checkpatch to warn people against using strncpy() and suggest using
strscpy() instead.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ