Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2509669imm; Thu, 19 Jul 2018 23:12:58 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdc+NKnJx4H3CzID83wzv2P1nJVPaBppcBvYfYUDjIPDzaUJHQnib65rEYsosKq1AnqBJwV X-Received: by 2002:a5e:9209:: with SMTP id y9-v6mr508635iop.92.1532067178472; Thu, 19 Jul 2018 23:12:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532067178; cv=none; d=google.com; s=arc-20160816; b=JXT961pGGPjgmLJo4HHabkuDuoiISbBxR05YeVt9iAh5S5fZnHBxAY7J4IXvGvR7Vl r0MpRvqxWJSb4harWUg6TtYBzRwStg3hIEQZkrLBI1tl4nK/97QkBLBbUTz7mBzMcAi2 odFyXq3CoE4vmprqTSfMUV2THyI67IqhDs0/1yO73nkS7Icb1Ftxi27k5trKm6gcXgQN Idn3qjyCxuQ+6Gl2L6h5AAP4GOcFI2ezf75r8H9ObKUw+Thq8/ZrVZmuGU7mCr1A7PCh PeRbsKl6Sexf9GojKUGUX03TRvZf/BqKTs72UkObYtzl9gBNL2LiiwKK8qTxDgtAxXUo Ixcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=cG+7zmpB1XLKeCdVoQqdMVIYF0TN9YAgOKf6QDBtVcI=; b=jZhG0QLLEKvXuc/m33UJCuK7rAqVFKArCbKjq1lCro1Rl4SwI5kh1qbzI6JQ8RJTBb AUBtya/sWGBwd997GSeV4OIipSE/ZFWOr+iaetYYkoT7noW1+T0F0juEtHdkkDJv3gLC h37+U1PaBt9DkrdLjOL6z1Pj572zjsGh3HBqJQSNA0uSPj0TFu5ZgqzrMUWlHzHot+T1 skESdUJUseaKVZfIL4x5dWU6unBkEy+gRlQHUyyc8N6Gkx5CWeUASNc9MLW0ZwK+F5cd N4p5NAwm76R7r8EQXGHJZI83hhns8F/yJvmDSGA1WPvXdPKlSgtViy0Nuy6QcZ1YGQGn Ke9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u26-v6si834013jaa.125.2018.07.19.23.12.43; Thu, 19 Jul 2018 23:12:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727359AbeGTG6o (ORCPT + 99 others); Fri, 20 Jul 2018 02:58:44 -0400 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:29553 "EHLO mail3-relais-sop.national.inria.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727201AbeGTG6o (ORCPT ); Fri, 20 Jul 2018 02:58:44 -0400 X-IronPort-AV: E=Sophos;i="5.51,377,1526335200"; d="scan'208";a="273562197" Received: from abo-214-111-68.mrs.modulonet.fr (HELO [192.168.0.15]) ([85.68.111.214]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Jul 2018 07:49:59 +0200 Date: Fri, 20 Jul 2018 07:49:59 +0200 (CEST) From: Julia Lawall X-X-Sender: jll@hadrien To: Dominique Martinet cc: Masahiro Yamada , =?ISO-8859-15?Q?Ville_Syrj=E4l=E4?= , Gilles Muller , Nicolas Palix , Michal Marek , cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] coccinelle: suggest replacing strncpy+truncation by strscpy In-Reply-To: <20180720054050.GA32233@nautica> Message-ID: References: <1531555951-9627-1-git-send-email-asmadeus@codewreck.org> <1532047018-23754-1-git-send-email-asmadeus@codewreck.org> <20180720054050.GA32233@nautica> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 20 Jul 2018, Dominique Martinet wrote: > Julia Lawall wrote on Fri, Jul 20, 2018: > > > strscpy does however not clear the end of the destination buffer, so > > > there is a risk of information leak if the full buffer is copied as is > > > out of the kernel - this needs manual checking. > > > > As fasr as I can tell from lkml, only one of these patches has been > > accepted? There was also a concern about an information leak that there > > was no response to. Actually, I would prefer that more of the generated > > patches are accepted before accepting the semantic patch, for something > > that is not quite so obviously correct. > > As I'm pointing to the script which generated the patch in the generated > patches, I got told that it would be better to get the coccinelle script > accepted first, and asked others to hold on taking the patches at > several places - I didn't resend any v2 of these with strscpy yet mostly > for that reason. I can't accept a semantic patch for which I can't judge the correctness. It would be better to put a proper commit message in the individual patches and get them accepted first. The actual change is made by a script that is only a few lines long. You can put those lines in your commit message if you like. > There were concerns for information leaks that I believe I adressed in > the specific patch that was pointed out by the concern (I might have > missed some?), but I'll take the time to check all the patches > individually before resending as well as filling in better commit > messages which also was one of the main concerns. > > I'm however a bit stuck if I'm waiting for the cocinelle script to be > accepted to resend the patches, but you're waiting for the individual > patches to be accepted to take the script... :) > > > I guess there is no value in the script landing first by itself, I'll > just remove the script path from the commit messages and resend the > first few this weekend. It's not that there is no value to the script. The problem is that I don't know if the script is correct - I'm not familiar with these string functions. Once the script is in the kernel, it stays there beyond your patches, so I would prefer to know that it is correct up front, rather than having to remove it afterwards. julia