On Mon, 16 Jul 2018 13:42:06 +0200 Dominique Martinet <asmadeus@xxxxxxxxxxxxx> wrote: > Jonathan Cameron wrote on Sun, Jul 15, 2018: > > On Fri, 13 Jul 2018 03:25:34 +0200 > > Dominique Martinet <asmadeus@xxxxxxxxxxxxx> wrote: > > > Generated by scripts/coccinelle/misc/strncpy_truncation.cocci > > > > > > Signed-off-by: Dominique Martinet <asmadeus@xxxxxxxxxxxxx> > > > > Applied to the togreg branch of iio.git and pushed out as testing > > for the autobuilders to play with it. > > Thanks! > > I have been pointed out that strlcpy, unlike strncpy, will read past the > size given in the input string and thus is Bad™ if the input string is > not nul terminated. > > After taking the time to check I believe this should not happen as the > original name seems to come from a dentry's d_name after proper > preparation (a buffer is allocated precisely for this purpose), but it > will not hurt to wait for that version. > > > The second reason I was waiting is that I intended to check for each > patch if it is safe to not pad the end of the string with zeroes (to > avoid e.g. information leaks) and that seems OK as well here after a > quick check but I wouldn't trust my own eyes this late so I'll let you > be judge of that if you feel like taking v1 anyway. > > Otherwise, I'll recheck properly and submit a v2 with strscpy and a > better commit message after the coccinelle script is taken for inclusion > and doing a better check but this might take a while longer. > > > Thanks, In this particular case I'm fairly sure it is safe so I'll leave it as is. Thanks, Jonathan -- To unsubscribe from this list: send the line "unsubscribe linux-iio" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
