Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2231412imm; Mon, 16 Jul 2018 04:43:25 -0700 (PDT) X-Google-Smtp-Source: AAOMgpegoQm3KwFsX/JR3eLdLv+BiblMAdfoCq2Te5JWGZYzZDiHH/2N1rm526wqftKnvSd8SgXC X-Received: by 2002:a63:5421:: with SMTP id i33-v6mr15472571pgb.417.1531741405004; Mon, 16 Jul 2018 04:43:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531741404; cv=none; d=google.com; s=arc-20160816; b=jlCdIZ/LbYAWr9cdyt5I29uR+nRVr4sSSfknbXLnzO6apDeyMC5gT/+3uqVPRDJWgi tKdmHjFhDIvDYkZPiCWNx50zy0Pn1NclG0GvvBV74ayXypUZVT2odgOhJlV7hW4it5BU 47DXOzirQDTifdHPsRXIGFeC5tW7IIGiAwMslqlXBzVh1CO3NUf0faqaj3ELYHI+DVI7 txpYXaHLFlj2KrYVq1Tlf6RnWSDat2wBeJzjuUCe/GL0rzhtbmHzNa3q+82JxDVlnTo7 4PQLMmX2fRqeaTHHL2VXaIzu3hA4yAvEnusvikIktFOAIozJHIFndKdRrgIAvjsOD3B9 GiRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=Edvst6d2xHcS+DECTeTKTPFuVmHUPcF1i3gJNqGa584=; b=m+gEiybiZtF/Wn8QgxnPZL+PAqmwoiIWXLgjzuGb+8zUYhK3KILjLahNilI4XOcSxp Tnpt1rmgPAk9bxQDFE4kttPn1wO6Z3A/d2k0syaGa0Bd5hhlbNwUCu0Q/QGJb/7TvoZX Fxhg3y57HeviB/yMSYMCX3X2abHiyw8SPsjFsYVf7aaNNIcCOUwzQx5IXPkbDNzWcyQ1 QyjVYKYq12/nUCw6+glpDX9G6GXMHn+GeP9+FlxCWkjfYw6UcK1NZWIP6Pz9ZET7mxgg 5WwHf/0iIkK99TZEYFpteBWsILiT7o1bW9N9h1wJ7CzJcUYDGeYV/J9B8yJkgG51/9VH V/qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y63-v6si29580496pgb.5.2018.07.16.04.43.09; Mon, 16 Jul 2018 04:43:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730897AbeGPMJ0 (ORCPT + 99 others); Mon, 16 Jul 2018 08:09:26 -0400 Received: from nautica.notk.org ([91.121.71.147]:36062 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728195AbeGPMJ0 (ORCPT ); Mon, 16 Jul 2018 08:09:26 -0400 Received: by nautica.notk.org (Postfix, from userid 1001) id 95CAEC009; Mon, 16 Jul 2018 13:42:21 +0200 (CEST) Date: Mon, 16 Jul 2018 13:42:06 +0200 From: Dominique Martinet To: Jonathan Cameron Cc: Hartmut Knaack , Lars-Peter Clausen , Peter Meerwald-Stadler , Lorenzo Bianconi , Linus Walleij , linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 05/18] iio: change strncpy+truncation to strlcpy Message-ID: <20180716114206.GA20555@nautica> References: <1531444483-17338-1-git-send-email-asmadeus@codewreck.org> <1531445134-19250-1-git-send-email-asmadeus@codewreck.org> <20180715113907.3813384d@archlinux> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20180715113907.3813384d@archlinux> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Jonathan Cameron wrote on Sun, Jul 15, 2018: > On Fri, 13 Jul 2018 03:25:34 +0200 > Dominique Martinet wrote: > > Generated by scripts/coccinelle/misc/strncpy_truncation.cocci > > > > Signed-off-by: Dominique Martinet > > Applied to the togreg branch of iio.git and pushed out as testing > for the autobuilders to play with it. Thanks! I have been pointed out that strlcpy, unlike strncpy, will read past the size given in the input string and thus is Badâ„¢ if the input string is not nul terminated. After taking the time to check I believe this should not happen as the original name seems to come from a dentry's d_name after proper preparation (a buffer is allocated precisely for this purpose), but it will not hurt to wait for that version. The second reason I was waiting is that I intended to check for each patch if it is safe to not pad the end of the string with zeroes (to avoid e.g. information leaks) and that seems OK as well here after a quick check but I wouldn't trust my own eyes this late so I'll let you be judge of that if you feel like taking v1 anyway. Otherwise, I'll recheck properly and submit a v2 with strscpy and a better commit message after the coccinelle script is taken for inclusion and doing a better check but this might take a while longer. Thanks, -- Dominique Martinet