On Wed, Jun 5, 2013 at 4:48 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote: > On Fri, 31 May 2013 09:18:07 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote: > >> Fix various weird constructions of strncpy(dst, src, strlen(src)). Length >> limits should be about the space available in the destination, not >> repurposed as a method to either always include or always exclude >> a trailing NULL byte. Either the NULL should always be copied >> (using strlcpy), or it should not be copied (using something like >> memcpy). Readable code should not depend on the weird behavior of strncpy >> when it hits the length limit. Better to avoid the anti-pattern entirely. >> >> ... >> >> --- a/Documentation/accounting/getdelays.c >> +++ b/Documentation/accounting/getdelays.c >> @@ -23,6 +23,7 @@ >> #include <sys/socket.h> >> #include <sys/wait.h> >> #include <signal.h> >> +#include <bsd/string.h> >> >> #include <linux/genetlink.h> >> #include <linux/taskstats.h> >> @@ -299,7 +300,7 @@ int main(int argc, char *argv[]) >> break; >> case 'C': >> containerset = 1; >> - strncpy(containerpath, optarg, strlen(optarg) + 1); >> + strlcpy(containerpath, optarg, sizeof(containerpath)); >> break; >> case 'w': >> logfile = strdup(optarg); > > Documentation/accounting/getdelays.c:26:24: fatal error: bsd/string.h: No such file or directory > > I'll revert this part. Ah, hrm. Well, in that case, it should use strdup, as logfile does already. Do you want me to send a patch for that? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
