From: Paolo Bonzini <pbonzini@redhat.com>
To: Thomas Huth <thuth@redhat.com>, Chetan <chetan4windows@gmail.com>,
	qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Subject: Re: Better alternative to strncpy in QEMU.
Date: Tue, 13 Apr 2021 09:32:22 +0200
Message-ID: <1d9b49b5-a771-8b5e-1220-ba82efc9572e@redhat.com>
In-Reply-To: <162f832d-ea91-a8f4-6f1d-56cda086f481@redhat.com>

On 12/04/21 06:51, Thomas Huth wrote:
> 
> I think this is pretty much the same as g_strlcpy() from the glib:
> 
> https://developer.gnome.org/glib/2.66/glib-String-Utility-Functions.html#g-strlcpy 
> 
> So I guess Paolo had something different in mind when adding this task?

Yes, I did.  strncpy is used legitimately when placing data in a 
fixed-size buffer that is written to a socket, to a file or to guest 
memory.  The problem with using g_strlcpy in those cases is that it does 
not write past the first '\0' character, and therefore it can leak host 
data.

What I had in mind was basically strncpy plus an assertion that the last 
copied byte will be set to 0.  It can be written in many ways, for 
example strncpy followed by assert(dest[destlen - 1] == '\0'), or like 
assert(strlen(src) < destlen) followed by strncpy, or of course you 
could write a for loop by hand.

Once you do that, you can split uses of strncpy in two: those where the 
reader expects the last byte to be zero, and those where the reader does 
not.  (I don't expect many cases of the first type, because the reader 
always has to think of how to handle a malicious data stream that does 
not have a zero termination).

As long as you avoid the accidentally quadratic behavior that Peter 
pointed out, any way is fine since performance does not matter on these 
paths.  Making the code nice and readable is more important.

Paolo
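The leak Paolo describes, shown as an added example that is not QEMU code: a fixed-size field is reused, a strlcpy-style copy (a local stand-in for g_strlcpy, written here for the example) leaves the old bytes after the terminator in place, while strncpy guarded by the assertion he suggests zero-fills the tail before the field is written out.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* fixed-size record field that is copied out verbatim */

/* strlcpy-style copy (stand-in for g_strlcpy): writes nothing past the
 * terminator, so whatever was in the rest of dest stays there. */
static size_t lcpy(char *dest, const char *src, size_t destlen)
{
    size_t n = strlen(src);
    if (destlen) {
        size_t c = n < destlen - 1 ? n : destlen - 1;
        memcpy(dest, src, c);
        dest[c] = '\0';
    }
    return n;
}

/* strncpy plus the assertion from the mail: src must fit with room for a
 * terminator, so the last byte is 0 and the tail is zero-filled. */
static void copy_zero_padded(char *dest, const char *src, size_t destlen)
{
    assert(strlen(src) < destlen);
    strncpy(dest, src, destlen);
}

/* Count non-zero bytes after the terminator: bytes that would leave the
 * host as leaked data if the field were written to a guest or a file. */
static size_t stale_tail_bytes(const char *buf, size_t len)
{
    size_t i = 0, stale = 0;
    while (i < len && buf[i] != '\0') i++;  /* skip the string itself */
    for (; i < len; i++) {
        if (buf[i] != '\0') stale++;
    }
    return stale;
}

/* Both copies into a field pre-filled with constructed "leftover" data. */
static size_t stale_after_lcpy(void)
{
    char buf[FIELD_LEN];
    memset(buf, 'X', sizeof buf);            /* constructed stale host data */
    lcpy(buf, "abc", sizeof buf);
    return stale_tail_bytes(buf, sizeof buf); /* 4: buf[4..7] still 'X' */
}

static size_t stale_after_strncpy(void)
{
    char buf[FIELD_LEN];
    memset(buf, 'X', sizeof buf);
    copy_zero_padded(buf, "abc", sizeof buf);
    return stale_tail_bytes(buf, sizeof buf); /* 0: tail zero-filled */
}
```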
