From: Dan Carpenter <dan.carpenter@oracle.com>
To: Mark Mielke <mark.mielke@gmail.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Mike Christie <michael.christie@oracle.com>,
Himanshu Madhani <himanshu.madhani@oracle.com>,
Roman Bolshakov <r.bolshakov@yadro.com>,
linux-scsi@vger.kernel.org, target-devel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] scsi: target: iscsi: Use strcmp() instead of strncmp()
Date: Tue, 1 Feb 2022 14:58:55 +0300 [thread overview]
Message-ID: <20220201115855.GQ1951@kadam> (raw)
In-Reply-To: <CALm7yL0Z-A1mk5OfonTU9zu2izO54Q65nX55fpNYeaeaiZKX0A@mail.gmail.com>
On Sun, Jan 30, 2022 at 01:00:21PM -0500, Mark Mielke wrote:
> Sorry, I knee jerk react to "partial match", which was a red flag for
> me, so strncmp() is almost never used for "partial match" in my
> experience. :-)
>
> It's really that strncmp() should be used for buffer overflow
> protection, but in this case - it's not. Since, the ", 5" applies to
> the clearly visible "=All" that is both allocated and '\0' terminated.
> It should be against the remaining buffer size of text_ptr. So,
> removing the ", 5" leaves it equally as bad at buffer overflow
> protection as it was before. :-)
This isn't really about my patch we all agree leaves things "as it
was before". In this case, strncmp() was just copy and paste from the
surrounding code and not used as an overflow check.
What you're describing does exist but it's about 1% of use cases. There
are about 2868 calls to strncmp() in the kernel. In my x86 allmodconfig
only about 18 of them use strncmp() for buffer overflow checking.
Then there are some real puzzlers which do:
if (strncmp(variable, "foo", sizeof("foo")) == 0) {
regards,
dan carpenter
prev parent reply other threads:[~2022-02-01 11:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-27 8:47 [PATCH] scsi: target: iscsi: Use strcmp() instead of strncmp() Dan Carpenter
2022-01-30 18:00 ` Mark Mielke
2022-02-01 11:58 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220201115855.GQ1951@kadam \
--to=dan.carpenter@oracle.com \
--cc=himanshu.madhani@oracle.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=mark.mielke@gmail.com \
--cc=martin.petersen@oracle.com \
--cc=michael.christie@oracle.com \
--cc=r.bolshakov@yadro.com \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).