| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jan 2023 11:28:17 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: <yang.yang29@....com.cn>
Cc: <santosh.shilimkar@...cle.com>, <davem@...emloft.net>,
<edumazet@...gle.com>, <pabeni@...hat.com>,
<netdev@...r.kernel.org>, <linux-rdma@...r.kernel.org>,
<rds-devel@....oracle.com>, <linux-kernel@...r.kernel.org>,
<xu.panda@....com.cn>
Subject: Re: [PATCH net-next v2] net/rds: use strscpy() to instead of
strncpy()
On Fri, 13 Jan 2023 15:13:12 +0800 (CST) yang.yang29@....com.cn wrote:
> > What are the differences in behavior between strncpy() and strscpy()?
>
> Strscpy() makes the dest string NUL-terminated, and returns more
> useful value. While strncpy() can initialize the dest string.
>
> Here we use strscpy() to make dest string NUL-terminated, and use
> return value to check src string size and dest string size. This make
> the code simpler.
I'm not sure whether in this particular case the output needs
to be padded or not. And I'm not sure you understand what the
implications are.
The code is fine as is, and I don't trust that you know what
you're doing. So please don't send any more strncpy() -> strscpy()
conversions for networking.
If you want to do something useful please start with adding a check
to checkpatch to warn people against using strncpy() and suggest using
strscpy() instead.
Powered by blists - more mailing lists