Date: Fri, 4 Jan 2013 20:38:32 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Mateusz Guzik <mjguzik@gmail.com> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, David Xu <davidxu@FreeBSD.org> Subject: Re: svn commit: r245036 - head/sys/kern Message-ID: <alpine.BSF.2.00.1301042036440.61411@fledge.watson.org> In-Reply-To: <20130104113354.GB26239@dft-labs.eu> References: <201301041111.r04BBDjZ013380@svn.freebsd.org> <20130104113354.GB26239@dft-labs.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 4 Jan 2013, Mateusz Guzik wrote: > On Fri, Jan 04, 2013 at 11:11:13AM +0000, David Xu wrote: >> Author: davidxu >> Date: Fri Jan 4 11:11:12 2013 >> New Revision: 245036 >> URL: http://svnweb.freebsd.org/changeset/base/245036 >> >> Log: >> Revert revision 244760 because strncpy pads trailing space with zero, >> this prevents kernel data from being leaked. > > I think it would be better to teach strlcpy to zero-pad as well. I'd rather we created new functions with new names that add the non-portable zeroing behaviour -- perhaps strlpcpy() and strnpcpy(), or something equally incomprehensible. This semantic may actually trigger bugs in code that is correct (albeit badly written) using strncpy() and strlcpy() in a way that never fully fills the buffer (due to some external invariant) and has an incorrect bounds check -- and potentially trigger performance problems when target buffers are much larger than the copied data. Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1301042036440.61411>