linux-kernel.vger.kernel.org archive mirror
From: Russell King <rmk+lkml@arm.linux.org.uk>
To: Felipe Alfaro Solana <felipe_alfaro@linuxmail.org>
Cc: "YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6.org>,
	davem@redhat.com,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>,
	netdev@oss.sgi.com
Subject: Re: [PATCH 2.6]: IPv6: strcpy -> strlcpy
Date: Thu, 27 Nov 2003 22:19:28 +0000
Message-ID: <20031127221928.F25015@flint.arm.linux.org.uk>
In-Reply-To: <1069970770.2138.10.camel@teapot.felipe-alfaro.com>; from felipe_alfaro@linuxmail.org on Thu, Nov 27, 2003 at 11:06:10PM +0100

On Thu, Nov 27, 2003 at 11:06:10PM +0100, Felipe Alfaro Solana wrote:
> On Thu, 2003-11-27 at 21:00, Russell King wrote:
> > > 
> > > I believe that it, to change from strcpy() to strlcpy(), just 
> > > eliminates possibility of buffer-overrun.
> > 
> > While this is 100% correct, the bit which raised my attention was the
> > original message which didn't seem to show that the above had been
> > considered.
> 
> Well, I can't see the difference between using strcpy() and strlcpy().

You misunderstand me.  Consider the difference between:

	strcpy(d, s);
	strlcpy(d, s, sizeof(d));
	strncpy(d, s, sizeof(d));

strncpy zeros the remainder of d if strlen(s) < sizeof(d), but does not
zero terminate the buffer if strlen(s) == sizeof(d).  (Note: this is
how strncpy under the Linux kernel is supposed to work, and yes, the
generic strncpy version in lib/string.c is still buggy.)

strlcpy copies up to the smaller of strlen(s)-1 and sizeof(d)-1, and
ensures that the string is null terminated.  If strlen(s) < sizeof(d)-1,
bytes in d will not be written.

Note my final sentence there.  Consider the following:

	char foo[256];

	strlcpy(foo, "hello", sizeof(foo));

	copy_to_user(uptr, foo, sizeof(foo));

That ends up writing uninitialised kernel data to (unprivileged) user
space.  So would strcpy() used in that situation.

strncpy() on the other hand, will zero the rest of the buffer (on x86
at least) but you'll have to manually ensure that there is a terminator
on the end.  Or, you use strlcpy but memset the entire space you're
copying the string into beforehand, which could be wasteful.

Note: we should really fix the generic strncpy() - there are places in
the kernel source which rely on the x86 strncpy() behaviour today (eg,
binfmt_*.c core file generation.)

-- 
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core
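
The leak described in this message, as an added userspace example (not code from the thread or from the kernel): a buffer pre-filled with a marker byte stands in for uninitialised kernel memory, and a full-size `memcpy` stands in for `copy_to_user(uptr, foo, sizeof(foo))`. Assumptions: `ex_strlcpy`, `leaked_bytes`, `STALE` and the `fill` enum are hypothetical names, and the C library `strncpy` used here zero-pads as the C standard requires.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 256
#define STALE  0xAA /* constructed marker standing in for old kernel memory */

enum fill { FILL_STRLCPY, FILL_STRNCPY, FILL_MEMSET_STRLCPY };

/* Hypothetical stand-in for strlcpy(): bounded copy, always NUL-terminated. */
static size_t ex_strlcpy(char *d, const char *s, size_t size)
{
	size_t len = strlen(s);

	if (size) {
		size_t n = len >= size ? size - 1 : len;
		memcpy(d, s, n);
		d[n] = '\0';
	}
	return len;
}

/* Fill a dirty buffer with src, export all of it, count stale bytes exported. */
static size_t leaked_bytes(enum fill how, const char *src)
{
	char foo[BUF_SZ], user[BUF_SZ];
	size_t i, leaked = 0;

	memset(foo, STALE, sizeof(foo)); /* simulate an uninitialised buffer */
	if (how == FILL_STRNCPY) {
		strncpy(foo, src, sizeof(foo)); /* C strncpy zero-pads the tail */
		foo[sizeof(foo) - 1] = '\0';    /* terminator is the caller's job */
	} else {
		if (how == FILL_MEMSET_STRLCPY)
			memset(foo, 0, sizeof(foo)); /* clear first, then copy */
		ex_strlcpy(foo, src, sizeof(foo));
	}
	memcpy(user, foo, sizeof(foo)); /* stand-in for the full-size copy_to_user */
	for (i = 0; i < sizeof(user); i++)
		if ((unsigned char)user[i] == STALE)
			leaked++;
	return leaked;
}

int main(void)
{
	printf("strlcpy only:     %zu stale bytes\n", leaked_bytes(FILL_STRLCPY, "hello"));
	printf("strncpy + NUL:    %zu stale bytes\n", leaked_bytes(FILL_STRNCPY, "hello"));
	printf("memset + strlcpy: %zu stale bytes\n", leaked_bytes(FILL_MEMSET_STRLCPY, "hello"));
	return 0;
}
```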
