Re: Sound updating, security of strlcpy and a question on pci v unload

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Albert Cahalan <albert@users.sf.net>
To: linux-kernel <linux-kernel@vger.kernel.org>
Cc: mitch@sfgoth.com
Subject: Re: Sound updating, security of strlcpy and a question on pci v unload
Date: 12 Jul 2003 10:03:17 -0400	[thread overview]
Message-ID: <1058018597.749.1317.camel@cube> (raw)

Mitchell Blank Jr writes:
> Mikulas Patocka wrote:

>> What's the difference there? strlcpy always creates null-terminated
>> string, strncpy doesn't. strncpy in kernel (unlike user strncpy) does not
>> pad the whole destination buffer with zeros (see comment and
>> implementation in lib/string.c), so I don't see any point why strncpy
>> should be more secure.
>
> Not only that, I think the point is usually moot anyway.
> If you're filling in a structure to pass to userspace like:
>
>  struct whatever foo;
>  strncpy(foo.name, "My Driver", sizeof(foo.name));
>  foo.count = 1;
>  [...]
>
> then you're STILL probably at risk of data leakage if "struct whatever"
> requires padding on any architecture.  The real fix is to make sure
> that "foo" is explicitly zero'ed out first.  Then strlcpy-vs-strncpy
> becomes a non-issue.

gcc -Wpadding ...

If the compiler has to add padding, then the programmer
most likely messed up. The warning catches stupidity.
Necessary padding can be explicit.

next             reply	other threads:[~2003-07-12 13:56 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-12 14:03 Albert Cahalan [this message]
  -- strict thread matches above, loose matches on Subject: below --
2003-07-11 17:05 Sound updating, security of strlcpy and a question on pci v unload Alan Cox
2003-07-11 19:04 ` Mikulas Patocka
2003-07-11 22:37   ` Mitchell Blank Jr
2003-07-12  0:08 ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1058018597.749.1317.camel@cube \
    --to=albert@users.sf.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mitch@sfgoth.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.