Re: Sound updating, security of strlcpy and a question on pci v
Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Fri, 11 Jul 2003 21:04:53 +0200 (CEST)
> I'm currently updating the prehistoric OSS audio code in 2.5 to include
> all the new 2.4 drivers and 2.4 work. While some of them overlap ALSA
> drivers others are not in ALSA yet either.
>
> Firstly someone turned half the kernel into using strlcpy. Every single
> change I looked at bar two in the sound layer introduced a security
> hole. It looks like whoever did it just fired up a perl macro without
> realising the strncpy properties matter for data copied to user space.
> Looks like the rest wants auditing
What's the difference there? strlcpy always creates null-terminated
string, strncpy doesn't. strncpy in kernel (unlike user strncpy) does not
pad the whole destination buffer with zeros (see comment and
implementation in lib/string.c), so I don't see any point why strncpy
should be more secure.
Mikulas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/