| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wi_U7S=R2ptr3dN21fOVbDGimY3-qpkSebeGtYh6pDCKA@mail.gmail.com>
Date: Sat, 17 Aug 2024 09:26:21 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Alejandro Colomar <alx@...nel.org>
Cc: Yafang Shao <laoar.shao@...il.com>, akpm@...ux-foundation.org, justinstitt@...gle.com,
ebiederm@...ssion.com, alexei.starovoitov@...il.com, rostedt@...dmis.org,
catalin.marinas@....com, penguin-kernel@...ove.sakura.ne.jp,
linux-mm@...ck.org, linux-fsdevel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org, audit@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
bpf@...r.kernel.org, netdev@...r.kernel.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
On Sat, 17 Aug 2024 at 01:48, Alejandro Colomar <alx@...nel.org> wrote:
>
> I would compact the above to:
>
> len = strlen(s);
> buf = kmalloc_track_caller(len + 1, gfp);
> if (buf)
> strcpy(mempcpy(buf, s, len), "");
No, we're not doing this kind of horror.
If _FORTIFY_SOURCE has problems with a simple "memcpy and add NUL",
then _FORTIFY_SOURCE needs to be fixed.
We don't replace a "buf[len] = 0" with strcpy(,""). Yes, compilers may
simplify it, but dammit, it's an unreadable incomprehensible mess to
humans, and humans still matter a LOT more.
Linus
Powered by blists - more mailing lists