* [PATCH] doc: avoid strncpy in accounting tool
@ 2013-06-06 2:49 Kees Cook
2013-06-06 16:52 ` Andreas Schwab
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Kees Cook @ 2013-06-06 2:49 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel, linux-doc
Avoid strncpy anti-pattern. Use strdup() instead, as already done for
the logfile optarg.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Fix for -mm clean-up-scary-strncpydst-src-strlensrc-uses-fix.patch
---
Documentation/accounting/getdelays.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/accounting/getdelays.c b/Documentation/accounting/getdelays.c
index f8ebcde..1db89d3 100644
--- a/Documentation/accounting/getdelays.c
+++ b/Documentation/accounting/getdelays.c
@@ -272,7 +272,7 @@ int main(int argc, char *argv[])
char *logfile = NULL;
int loop = 0;
int containerset = 0;
- char containerpath[1024];
+ char *containerpath = NULL;
int cfd = 0;
int forking = 0;
sigset_t sigset;
@@ -299,7 +299,7 @@ int main(int argc, char *argv[])
break;
case 'C':
containerset = 1;
- strncpy(containerpath, optarg, strlen(optarg) + 1);
+ containerpath = strdup(optarg);
break;
case 'w':
logfile = strdup(optarg);
--
1.7.9.5
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] doc: avoid strncpy in accounting tool
2013-06-06 2:49 [PATCH] doc: avoid strncpy in accounting tool Kees Cook
@ 2013-06-06 16:52 ` Andreas Schwab
2013-06-08 18:50 ` Rob Landley
2013-06-10 21:21 ` Andrew Morton
2 siblings, 0 replies; 4+ messages in thread
From: Andreas Schwab @ 2013-06-06 16:52 UTC (permalink / raw)
To: Kees Cook; +Cc: Andrew Morton, linux-kernel, linux-doc
Kees Cook <keescook@chromium.org> writes:
> Avoid strncpy anti-pattern. Use strdup() instead, as already done for
> the logfile optarg.
There should be no need to copy the string, option arguments are stable.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] doc: avoid strncpy in accounting tool
2013-06-06 2:49 [PATCH] doc: avoid strncpy in accounting tool Kees Cook
2013-06-06 16:52 ` Andreas Schwab
@ 2013-06-08 18:50 ` Rob Landley
2013-06-10 21:21 ` Andrew Morton
2 siblings, 0 replies; 4+ messages in thread
From: Rob Landley @ 2013-06-08 18:50 UTC (permalink / raw)
To: Kees Cook; +Cc: Andrew Morton, linux-kernel, linux-doc
On 06/05/2013 09:49:30 PM, Kees Cook wrote:
> Avoid strncpy anti-pattern. Use strdup() instead, as already done for
> the logfile optarg.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> Fix for -mm clean-up-scary-strncpydst-src-strlensrc-uses-fix.patch
> ---
> Documentation/accounting/getdelays.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/accounting/getdelays.c
> b/Documentation/accounting/getdelays.c
> index f8ebcde..1db89d3 100644
> --- a/Documentation/accounting/getdelays.c
> +++ b/Documentation/accounting/getdelays.c
> @@ -272,7 +272,7 @@ int main(int argc, char *argv[])
> char *logfile = NULL;
> int loop = 0;
> int containerset = 0;
> - char containerpath[1024];
> + char *containerpath = NULL;
> int cfd = 0;
> int forking = 0;
> sigset_t sigset;
> @@ -299,7 +299,7 @@ int main(int argc, char *argv[])
> break;
> case 'C':
> containerset = 1;
> - strncpy(containerpath, optarg, strlen(optarg) +
> 1);
> + containerpath = strdup(optarg);
*boggle* That an elaborate way of doing a standard strcpy(), isn't it?
(Assuming free() being done by exit() is ok, and that somebody's going
to be modifying this string so just keeping the pointer to optarg might
make ps look weird...)
Acked-by: Rob Landley <rob@landley.net>
if Andrew hasn't grabbed it already (I'm days behind on email) please
send through trivial@kernel.org.
Rob
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] doc: avoid strncpy in accounting tool
2013-06-06 2:49 [PATCH] doc: avoid strncpy in accounting tool Kees Cook
2013-06-06 16:52 ` Andreas Schwab
2013-06-08 18:50 ` Rob Landley
@ 2013-06-10 21:21 ` Andrew Morton
2 siblings, 0 replies; 4+ messages in thread
From: Andrew Morton @ 2013-06-10 21:21 UTC (permalink / raw)
To: Kees Cook; +Cc: linux-kernel, linux-doc
On Wed, 5 Jun 2013 19:49:30 -0700 Kees Cook <keescook@chromium.org> wrote:
> Avoid strncpy anti-pattern. Use strdup() instead, as already done for
> the logfile optarg.
>
What Andreas said :)
From: Andrew Morton <akpm@linux-foundation.org>
Subject: documentation-accounting-getdelaysc-avoid-strncpy-in-accounting-tool-fix
remove the str[cpy|dup] altogether
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Rob Landley <rob@landley.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
Documentation/accounting/getdelays.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN Documentation/accounting/getdelays.c~documentation-accounting-getdelaysc-avoid-strncpy-in-accounting-tool-fix Documentation/accounting/getdelays.c
--- a/Documentation/accounting/getdelays.c~documentation-accounting-getdelaysc-avoid-strncpy-in-accounting-tool-fix
+++ a/Documentation/accounting/getdelays.c
@@ -299,7 +299,7 @@ int main(int argc, char *argv[])
break;
case 'C':
containerset = 1;
- containerpath = strdup(optarg);
+ containerpath = optarg;
break;
case 'w':
logfile = strdup(optarg);
_
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-06-10 21:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-06 2:49 [PATCH] doc: avoid strncpy in accounting tool Kees Cook
2013-06-06 16:52 ` Andreas Schwab
2013-06-08 18:50 ` Rob Landley
2013-06-10 21:21 ` Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox