Re: [PATCH v3] string: Introduce strtomem() and strtomem_pad()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/3/22 05:49, Kees Cook wrote:
> +/**
> + * strncpy - Copy a string to memory with non-guaranteed NUL padding
> + *
> + * @p: pointer to destination of copy
> + * @q: pointer to NUL-terminated source string to copy
> + * @size: bytes to write at @p
> + *
> + * If strlen(@q) >= @size, the copy of @q will stop after @size bytes,
> + * and @p will NOT be NUL-terminated
> + *
> + * If strlen(@q) < @size, following the copy of @q, trailing NUL bytes
> + * will be written to @p until @size total bytes have been written.
> + *
> + * Do not use this function. While FORTIFY_SOURCE tries to avoid
> + * over-reads of @q, it cannot defend against writing unterminated
> + * results to @p. Using strncpy() remains ambiguous and fragile.
> + * Instead, please choose an alternative, so that the expectation
> + * of @p's contents is unambiguous:
> + *
> + * +--------------------+-----------------+------------+
> + * | @p needs to be:    | padded to @size | not padded |
> + * +====================+=================+============+
> + * |     NUL-terminated | strscpy_pad()   | strscpy()  |
> + * +--------------------+-----------------+------------+
> + * | not NUL-terminated | strtomem_pad()  | strtomem() |
> + * +--------------------+-----------------+------------+
> + *
> + * Note strscpy*()'s differing return values for detecting truncation,
> + * and strtomem*()'s expectation that the destination is marked with
> + * __nonstring when it is a character array.
> + *
> + */

Hi,

I don't see the strncpy description above rendered in htmldocs output.
Instead, I got:

```

char * strncpy(char *dest, const char *src, size_t count)¶

    Copy a length-limited, C-string

Parameters

char *dest

    Where to copy the string to
const char *src

    Where to copy the string from
size_t count

    The maximum number of bytes to copy

Description

The result is not NUL-terminated if the source exceeds count bytes.

In the case where the length of src is less than that of count, the remainder of dest will be padded with NUL.
```

Thanks.

-- 
An old man doll... just what I always wanted! - Clara
[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]
  Powered by Linux