Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: Raja R Harinath <harinath@hurrynot.org>
Cc: linux-kernel@vger.kernel.org, Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp
Date: Sun, 15 Nov 2009 10:44:33 -0800	[thread overview]
Message-ID: <4B004C11.8020609@schaufler-ca.com> (raw)
In-Reply-To: <87y6m8s03l.fsf@hariville.hurrynot.org>

Raja R Harinath wrote:
> Hi,
>
> Casey Schaufler <casey@schaufler-ca.com> writes:
>
>   
>> Joe Perches wrote:
>>     
> [snip]
>   
>>> I assert that code should be made as readable
>>> as possible and that the code used fit the
>>> reader's expectations.
>>>
>>> strcmp(foo, "BAR") is natural.
>>> strncmp(foo, "BAR", sizeof("BAR")) is unnatural
>>> and should not be used.
>>>       
>> Oh good gravy. I've been writing C code since the 1970's and
>> have seen enough "unnatural" code to make most people think that
>> PASCAL was a good idea. This is not unnatural code. This is an
>> argument over which side of the head of the pin the odd angel
>> should dance on. Give it up. You're advocating a gratuitous
>> change. Can't y'all go find some questionable casts to expunge?
>> That might actually be useful.
>>     
>
> I think the point is that
>
>     strncmp(foo, "BAR", sizeof("BAR"))
>
> is exceedingly similar to
>
>     strncmp(foo, "BAR", strlen("BAR"))
>
> which mean different things.  The point of this series was the suspicion
> that people who intended the "strlen" variant might have used the
> "sizeof" variant.
>   

The point is that the code is correct as written. The change
suggested, changing the sizeof to strlen, would result in
incorrect behavior in the case where foo is "BAR-BAR-BA-RAN".
The other change suggested, which is to change strncmp to
strcmp, would be functionally correct but offers no value,
might be considered less safe in certain circles, and requires
a change that, like any change, adds a trivial amount of risk.

> And, since this confusion exists, it is probably better to use two
> canonical forms for the two different meanings
>
>    strcmp(foo, "BAR")
>    strncmp(foo, "BAR", strlen("BAR"))
>
> and avoid other equivalent formulations.
>
> - Hari
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>
>
>

     prev parent reply	other threads:[~2009-11-15 18:44 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-12  7:49 [PATCH 3/4] security/selinux: decrement sizeof size in strncmp Julia Lawall
2009-11-12  7:49 ` Julia Lawall
2009-11-12  8:16 ` James Morris
2009-11-12  8:16   ` James Morris
2009-11-12 14:53   ` Serge E. Hallyn
2009-11-12 14:53     ` Serge E. Hallyn
2009-11-12 14:57     ` Julia Lawall
2009-11-12 14:57       ` Julia Lawall
2009-11-12 16:21       ` Casey Schaufler
2009-11-12 16:21         ` Casey Schaufler
2009-11-12 18:28         ` David Wagner
2009-11-12 21:41         ` James Morris
2009-11-12 21:41           ` James Morris
2009-11-12 21:59           ` Julia Lawall
2009-11-12 21:59             ` Julia Lawall
2009-11-12 23:56             ` David Wagner
2009-11-13  2:11           ` Casey Schaufler
2009-11-13  2:11             ` Casey Schaufler
2009-11-13 20:32             ` David Wagner
2009-11-13 21:23             ` Valdis.Kletnieks
2009-11-13 21:23               ` Valdis.Kletnieks
2009-11-13 21:26               ` Julia Lawall
2009-11-13 21:26                 ` Julia Lawall
2009-11-13 23:08                 ` Valdis.Kletnieks
2009-11-13 23:08                   ` Valdis.Kletnieks
2009-11-14  0:41                   ` David Wagner
2009-11-14  5:08                     ` Valdis.Kletnieks
2009-11-14 15:22                   ` Julia Lawall
2009-11-14 15:22                     ` Julia Lawall
2009-11-13 23:06               ` David Wagner
2009-11-14  3:06               ` Casey Schaufler
2009-11-14  3:06                 ` Casey Schaufler
2009-11-14  3:44                 ` David Wagner
2009-11-14  3:48                   ` Joe Perches
2009-11-14  5:12                     ` Casey Schaufler
2009-11-14  5:26                       ` Joe Perches
2009-11-14  7:20                         ` Casey Schaufler
2009-11-15  7:45                           ` Raja R Harinath
2009-11-15 18:44                             ` Casey Schaufler [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B004C11.8020609@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=harinath@hurrynot.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.