Re: [PATCH v3] lib/string.c: implement stpcpy

From: Andy Shevchenko
Date: Fri Aug 28 2020 - 04:18:05 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH V2] serial: qcom_geni_serial: To correct QUP Version detection logic"
Previous message: Greg Kroah-Hartman: "Re: [PATCH v10 5/5] drivers/tty/serial: add LiteUART driver"
In reply to: Kees Cook: "Re: [PATCH v3] lib/string.c: implement stpcpy"
Next in thread: Nick Desaulniers: "Re: [PATCH v3] lib/string.c: implement stpcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 28, 2020 at 1:26 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Thu, Aug 27, 2020 at 11:05:42PM +0300, Andy Shevchenko wrote:
> > In general it's better to have a robust API, but what may go wrong
> > with the interface where we have no length of the buffer passed, but
> > we all know that it's PAGE_SIZE?
> > So, what's wrong with doing something like
> > strcpy(buf, "Yes, we know we won't overflow here\n");
>
> (There's a whole thread[1] about this right now, actually.)
>
> The problem isn't the uses where it's safe (obviously), it's about the
> uses where it is NOT safe. (Or _looks_ safe but isn't.) In order to
> eliminate bug classes, we need remove the APIs that are foot-guns. Even
> if one developer never gets it wrong, others might.
>
> [1] https://lore.kernel.org/lkml/c256eba42a564c01a8e470320475d46f@xxxxxxxxxxxxxxxx/T/#mac95487d7ae427de03251b49b75dd4de40c2462d

Seems to me that this is a fixation on an abstract problem that never
exists (of course, if a developer has brains to think).

--
With Best Regards,
Andy Shevchenko

Next message: Greg Kroah-Hartman: "Re: [PATCH V2] serial: qcom_geni_serial: To correct QUP Version detection logic"
Previous message: Greg Kroah-Hartman: "Re: [PATCH v10 5/5] drivers/tty/serial: add LiteUART driver"
In reply to: Kees Cook: "Re: [PATCH v3] lib/string.c: implement stpcpy"
Next in thread: Nick Desaulniers: "Re: [PATCH v3] lib/string.c: implement stpcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]