Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp

From: David Wagner
Date: Thu Nov 12 2009 - 13:28:11 EST

Next message: Tony Lindgren: "[GIT PULL] omap-fixes for v2.6.32-rc6"
Previous message: Mauro Carvalho Chehab: "Re: [PATCH] serial_core: avoid Break bouncing"
In reply to: Casey Schaufler: "Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp"
Next in thread: James Morris: "Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Casey Schaufler wrote:
> I strongly suggest that this is not what is wanted.
> strcmp(x,y)
> and
> strncmp(x,y,sizeof(y))
>
> are functionally equivalent and strcmp has a bad reputation in
> the security community because it is associated with potential
> buffer overrun issues.

It does? Hmm, I don't recall hearing of this bad reputation for strcmp().
Is there a justification for why such a reputation would be deserved?
We're not talking strcpy() here. strcmp() is fine as long as its
arguments are properly '\0'-terminated; given that, it doesn't introduce
any new buffer overrun risks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tony Lindgren: "[GIT PULL] omap-fixes for v2.6.32-rc6"
Previous message: Mauro Carvalho Chehab: "Re: [PATCH] serial_core: avoid Break bouncing"
In reply to: Casey Schaufler: "Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp"
Next in thread: James Morris: "Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]