On Thu, Aug 5, 2010 at 6:19 PM, Dan Carpenter <error27@xxxxxxxxx> wrote: > On Thu, Aug 05, 2010 at 06:08:08PM +0800, Changli Gao wrote: >> On Thu, Aug 5, 2010 at 5:38 PM, Dan Carpenter <error27@xxxxxxxxx> wrote: >> > The main motivation of this patch changing strcpy() to strlcpy(). >> > We strcpy() to copy a 48 byte buffers into a 49 byte buffers. So at >> > best the last byte has leaked information, or maybe there is an >> > overflow? Anyway, this patch closes the information leaks by zeroing >> > the memory and the calls to strlcpy() prevent overflows. >> >> strlcpy() can handle the terminator NUL. so you don't need to zero it. > > If there are no NUL chars in "rcvmsg->msg_data.byte_array" then strlcpy() > is sufficient, but if there is a NUL character then you need to zero the > memory. The patch handles both possibilities. > the second parameter of strlcpy() must a NUL terminated C string. I think you means strncpy(). FYI: http://lxr.linux.no/#linux+v2.6.35/lib/string.c#L146 http://lxr.linux.no/#linux+v2.6.35/lib/string.c#L119 -- Regards, Changli Gao(xiaosuo@xxxxxxxxx) -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html