lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Oct 2020 12:18:58 +0200
From:   Francis Laniel <laniel_francis@...vacyrequired.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Kees Cook <keescook@...omium.org>, linux-hardening@...r.kernel.org,
        davem@...emloft.net
Subject: Re: [RFC][PATCH v2 0/3] Fix inefficiences and rename nla_strlcpy

Le mardi 20 octobre 2020, 01:34:12 CEST Jakub Kicinski a écrit :
> On Mon, 19 Oct 2020 15:58:36 -0700 Kees Cook wrote:
> > On Mon, Oct 19, 2020 at 09:45:15AM -0700, Jakub Kicinski wrote:
> > > On Mon, 19 Oct 2020 17:23:28 +0200 laniel_francis@...vacyrequired.com
> > > 
> > > wrote:
> > > > To sum up, the first patch fixes an inefficiency where some bytes in
> > > > dst were written twice, one with 0 the other with src content.
> > > > The second one modifies nla_strlcpy to return the same value as
> > > > strscpy,
> > > > i.e. number of bytes written or -E2BIG if src was truncated.
> > > > The third rename nla_strlcpy to nla_strcpy.
> > > > 
> > > > Unfortunately, I did not find how to create struct nlattr objects so I
> > > > tested my modifications on simple char*.
> > > > This is why I tag this patch set as RFC.
> > > > 
> > > > If you see any way to improve the code or have any remark, feel free
> > > > to comment.> > 
> > > You follow semantics of strscpy, yet rename to strcpy. Wouldn't it be
> > > more intuitive for developers to rename to nla_strscpy?
> > 
> > It's closer to strscpy_pad() but that seems a long name. What's
> > preferred from the NLA perspective?
> 
> I think the pad part is pretty much implied in the netlink world.
> All this stuff goes to user space, so we can't have uninit memory.
> We may get more informed opinions once this hits netdev@.

I will rename it nla_strscpy for the next version and we will discuss the name 
with the netdev list.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ