From: David Laight <David.Laight@ACULAB.COM>
To: "'luobin (L)'" <luobin9@huawei.com>, Kees Cook <keescook@chromium.org>
Cc: David Miller <davem@davemloft.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"luoxianjun@huawei.com" <luoxianjun@huawei.com>,
"yin.yinshi@huawei.com" <yin.yinshi@huawei.com>,
"cloud.wangxiaoyun@huawei.com" <cloud.wangxiaoyun@huawei.com>,
"chiqijun@huawei.com" <chiqijun@huawei.com>
Subject: RE: [PATCH net-next v1] hinic: fix strncpy output truncated compile warnings
Date: Mon, 10 Aug 2020 08:15:48 +0000 [thread overview]
Message-ID: <fad888cb3cdc4a05b091bf22711479b0@AcuMS.aculab.com> (raw)
In-Reply-To: <493cae67-6346-1a57-5cca-65a2b6d2aeba@huawei.com>
> Thanks for your explanation and review. I haven't realized using strncpy() on NUL-terminated strings
> is deprecated
> and just trying to avoid the compile warnings. The website you provide helps me a lot. Thank you very
> much!
Never try to remove compile-time warnings without understanding
what the code it doing.
The basic problem is that strncpy() almost [1] never does what you want.
It really expects it's input string to be '\0' terminated but
doesn't guarantee the output will be, and also (typically) wastes
cpu cycles zero filling the output buffer.
Someone then defined strscpy() as an alternative, it guarantees
to '\0' the output and doesn't zero fill - which can be an issue.
However strscpy() has it's own problems, the return value is
defined to be the length of the input string - which absolutely
requires it be '\0' terminated. With 'unknown' input this can
page fault!
[1] This fragment looked wrong, but was right!
strncpy(dest, src, sizeof src);
Naive conversion to remove the strncpy() broke it.
In fact 'dest' was 1 byte longer than 'src' and already
zero filled, 'src' might not have been '\0' terminated.
It is about the only time strncpy() is what you want!
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2020-08-10 8:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-07 2:09 [PATCH net-next v1] hinic: fix strncpy output truncated compile warnings Luo bin
2020-08-07 9:32 ` David Laight
2020-08-08 3:36 ` luobin (L)
2020-08-08 3:42 ` David Miller
2020-08-08 6:44 ` Kees Cook
2020-08-09 3:19 ` luobin (L)
2020-08-10 8:15 ` David Laight [this message]
2020-08-09 2:59 ` luobin (L)
2020-08-08 12:50 ` David Laight
2020-08-09 3:35 ` luobin (L)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fad888cb3cdc4a05b091bf22711479b0@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=chiqijun@huawei.com \
--cc=cloud.wangxiaoyun@huawei.com \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luobin9@huawei.com \
--cc=luoxianjun@huawei.com \
--cc=netdev@vger.kernel.org \
--cc=yin.yinshi@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).