Re: [PATCH v2] lib: string.c: Added a funktion function strzcpy

From: Rickard Strandqvist
Date: Thu Oct 16 2014 - 17:29:40 EST


2014-10-16 23:17 GMT+02:00 Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>:
> On Thu, 16 Oct 2014 23:09:00 +0200 Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> wrote:
>
>> 2014-10-16 0:15 GMT+02:00 Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>:
>> > On Sun, 5 Oct 2014 15:06:17 +0200 Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> wrote:
>> >
>> >> Added a function strzcpy which works the same as strncpy,
>> >> but guaranteed to produce the trailing null character.
>> >>
>> >> There are many places in the code where strncpy used although it
>> >> must be zero terminated, and switching to strlcpy is not an option
>> >> because the string must nonetheless be fyld with zero characters.
>> >
>> > As I mentioned last time, I think this patch would be better if it came
>> > with follow-on patches which convert at least some of those callsites.
>> > As it stands, this function has no callers and hence it won't get
>> > tested. Plus those follow-on patches will demonstrate the value of
>> > this patch and will provide example usages.
>>
>>
>> Hi
>>
>> Sure I can do that! I have saved some patches just to be able to use
>> this new feature.
>> But should I submit everything as one patch then?
>> Or is there some kind of dependency thing I can use...
>
> [patch 1/N] lib/string.c: add strzcpy()
> [patch 2/N] foo/bar/zot.c: use strzcpy()
> [patch 3/N] fooz/barz/zot.c: use strzcpy()
> ...
>
>> I have also e-mailed with Dan about this, he pointed out the same as
>> some of my tests indicate that strzcpy maybe just should use strncpy
>> and add a null character instead because strncpy is optimized
>> depending on the hardware it runs on.
>> What do you think about that?
>
> Sounds like strzcpy() should be used in places where the entire buffer
> will be copied out to userspace, or in other situations where we want to
> zero it out for security reasons?


Hi

So that's how you write it, ok I will send them this weekend when I
have some more time.

Yes it was the safety aspect I was most yelled at when I start
swapping strncpy with strlcpy, although much of it was justified!

Even Linus was getting into the debate. See more:
https://plus.google.com/111049168280159033135/posts/1amLbuhWbh5


Kind regards
Rickard Strandqvist
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/