Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S266945AbTGKWiZ (ORCPT ); Fri, 11 Jul 2003 18:38:25 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267004AbTGKWiZ (ORCPT ); Fri, 11 Jul 2003 18:38:25 -0400 Received: from pc2-cwma1-4-cust86.swan.cable.ntl.com ([213.105.254.86]:14777 "EHLO lxorguk.ukuu.org.uk") by vger.kernel.org with ESMTP id S266945AbTGKWiY (ORCPT ); Fri, 11 Jul 2003 18:38:24 -0400 Subject: Re: SECURITY - data leakage due to incorrect strncpy implementation From: Alan Cox To: Linus Torvalds Cc: Mikulas Patocka , Linux Kernel Mailing List In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit Organization: Message-Id: <1057963814.20636.72.camel@dhcp22.swansea.linux.org.uk> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) Date: 11 Jul 2003 23:50:15 +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 950 Lines: 27 On Gwe, 2003-07-11 at 23:44, Linus Torvalds wrote: > On 11 Jul 2003, Alan Cox wrote: > > > > Lots of kernel drivers rely on the libc definition of strncpy. > > But that's ok. We _do_ do the padding. I hated it when I wrote it, but as > far as I know, the kernel strncpy() has done padding pretty much since day > one. /** * strncpy - Copy a length-limited, %NUL-terminated string * @dest: Where to copy the string to * @src: Where to copy the string from * @count: The maximum number of bytes to copy * * Note that unlike userspace strncpy, this does not %NUL-pad the buffer. * However, the result is not %NUL-terminated if the source exceeds * @count bytes. */ Only x86 does the padding - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/