Subject: Re: [PATCH V2 1/2] string: Add stracpy and stracpy_pad mechanisms
To: Joe Perches, Linus Torvalds, linux-kernel@vger.kernel.org
Cc: Jonathan Corbet, Stephen Kitt, Kees Cook, Nitin Gote, jannh@google.com, kernel-hardening@lists.openwall.com, Andrew Morton
From: Rasmus Villemoes
Date: Tue, 23 Jul 2019 16:37:01 +0200

On 23/07/2019 15.51, Joe Perches wrote:
> Several uses of strlcpy and strscpy have had defects because the
> last argument of each function is misused or typoed.
>
> Add macro mechanisms to avoid this defect.
>
> stracpy (copy a string to a string array) must have a string
> array as the first argument (dest) and uses sizeof(dest) as the
> count of bytes to copy.
>
> These mechanisms verify that the dest argument is an array of
> char or other compatible types like u8 or s8 or equivalent.

Sorry, but "compatible types" has a very specific meaning in C, so
please don't use that word. And yes, the kernel disables -Wpointer-sign,
so passing an u8* or s8* when strscpy() expects a char* is silently
accepted, but does such code exist?

>
> V2: Use __same_type testing char[], signed char[], and unsigned char[]
>     Rename to, from, and size, dest, src and count

count is just as bad as size in terms of "the expression src might
contain that identifier". But there's actually no reason to even declare
a local variable, just use ARRAY_SIZE() directly as the third argument
to strscpy().

Rasmus
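
The identifier-capture problem raised in the reply above, as an added userspace example that is not code from the patch or from the kernel. demo_strscpy, stracpy_local, stracpy_direct and the table are hypothetical stand-ins, and the ({ ... }) statement expression is a GNU C extension.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in; the kernel's ARRAY_SIZE() additionally rejects pointers. */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Simplified stand-in for strscpy(): always NUL-terminates, -1 on truncation. */
static long demo_strscpy(char *dest, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -1;
	for (i = 0; i < size - 1 && src[i]; i++)
		dest[i] = src[i];
	dest[i] = '\0';
	return src[i] ? -1 : (long)i;
}

/* Macro-local variable: a "count" in the caller's src now binds to this one. */
#define stracpy_local(dest, src) ({			\
	size_t count = ARRAY_SIZE(dest);		\
	demo_strscpy(dest, src, count);			\
})

/* No local at all: ARRAY_SIZE() goes straight in as the third argument. */
#define stracpy_direct(dest, src) demo_strscpy(dest, src, ARRAY_SIZE(dest))

/* Constructed sample data. */
static const char *const table[] = { "a0", "a1", "a2", "a3", "a4", "a5" };

int digit_via_local(size_t count)
{
	char buf[4];

	if (count >= ARRAY_SIZE(table) || stracpy_local(buf, table[count]) < 0)
		return -1;
	return buf[1] - '0';	/* src became table[sizeof(buf)], i.e. table[4] */
}

int digit_via_direct(size_t count)
{
	char buf[4];

	if (count >= ARRAY_SIZE(table) || stracpy_direct(buf, table[count]) < 0)
		return -1;
	return buf[1] - '0';	/* src is table[count], as the caller wrote it */
}

int main(void)
{
	printf("local: a%d, direct: a%d\n", digit_via_local(1), digit_via_direct(1));
	return 0;
}
```

The caller's bounds check does not help in the first variant, because the index actually used is the macro's own `count`; with a larger `buf` the same expansion would read past the end of `table`.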