Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9578183ybi; Wed, 24 Jul 2019 06:32:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqwEgNJyWn8cvu7hRx5T+L0zH60f7erNiGKOQypDWwuXAxNo3cdfWQqV9sOQBacxHxgVFwmQ X-Received: by 2002:a17:902:8696:: with SMTP id g22mr83826154plo.249.1563975155445; Wed, 24 Jul 2019 06:32:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563975155; cv=none; d=google.com; s=arc-20160816; b=WfY/3Anxn2vyu7ZVNEV/bZ47yjRDJIr1JrbcD/mFT1sMKpDLu1K2NEXZsn+rBr4ZjB 1p2IxiEhCXxOa5yak8O2eInQXd+CdcBfuE3bhYWehi0FfamXfuAE1a6NmV7B23H4aUCh Va1/0qSMxZsaSmtjOHYWCMLifezEX37vdJ2JwfDguG6QpV9ur9rWbxd91eyE8xxoai76 2OmKwcu2yx+UYbnw0u7LkLoJmO1kywJz8LvzGM4FSX5E2A4aPCBa7ZUUMnFitv71n7Hm S483wCVsjlfTX/SH8p/+TS2c04X6RBmwL3RUiIFlIeqoeUhGm+jHEwnwxjiVekDWulZF HRMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:content-transfer-encoding :mime-version:user-agent:organization:references:in-reply-to:date:cc :to:from:message-id; bh=2Sw5UclJVEOimYJUGHAwYCkoUHOF373Gut32/xUFgoU=; b=UqponkJQd2Y36ij47RN8C/3lOkqd32v3vLIEIAylmp7WJ6i3YCe1ZliR+ubPpO5nXY VLzSQnV41Aiq5UR53a71IqA40gkyWIHcDapEhI4NZbq9S4XsPXZIfY0HhOpVnrdSWQc9 gnVIlxG8UIhFWT4NKLd1F2Pt2XKAAIx1XAcARCBxdSXACQXbjvUYaJObIEdzW+mznDuV zIiVmj62lNP3kkgNSIlNbLgT2gmb2ZJO0PwSXhxK5Wl6D/JZMEaycSOUctW/8chhm0fz dtk9Joa3AtrBeWb82ZFsJRxLbJ9kuBE4oHV1Iya7ViVHwL+UjemqRHomPPyg4Yp6osfp pN/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z7si15174883plk.350.2019.07.24.06.32.21; Wed, 24 Jul 2019 06:32:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728350AbfGXMaM (ORCPT + 99 others); Wed, 24 Jul 2019 08:30:12 -0400 Received: from ou.quest-ce.net ([195.154.187.82]:58382 "EHLO ou.quest-ce.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726558AbfGXMaM (ORCPT ); Wed, 24 Jul 2019 08:30:12 -0400 X-Greylist: delayed 1449 seconds by postgrey-1.27 at vger.kernel.org; Wed, 24 Jul 2019 08:30:11 EDT Received: from [37.164.191.68] (helo=opteyam2) by ou.quest-ce.net with esmtpsa (TLS1.1:RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from ) id 1hqG1s-000DGH-PU; Wed, 24 Jul 2019 14:05:57 +0200 Message-ID: From: Yann Droneaud To: David Laight , 'Rasmus Villemoes' , Joe Perches , Linus Torvalds , "linux-kernel@vger.kernel.org" Cc: Jonathan Corbet , Stephen Kitt , Kees Cook , Nitin Gote , "jannh@google.com" , "kernel-hardening@lists.openwall.com" , Andrew Morton Date: Wed, 24 Jul 2019 14:05:48 +0200 In-Reply-To: <5ffdbf4f87054b47a2daf23a6afabecf@AcuMS.aculab.com> References: <7ab8957eaf9b0931a59eff6e2bd8c5169f2f6c41.1563841972.git.joe@perches.com> <5ffdbf4f87054b47a2daf23a6afabecf@AcuMS.aculab.com> Organization: OPTEYA Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.32.4 (3.32.4-1.fc30) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 37.164.191.68 X-SA-Exim-Mail-From: ydroneaud@opteya.com X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ou.quest-ce.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.2 Subject: Re: [PATCH 1/2] string: Add stracpy and stracpy_pad mechanisms X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: Yes (on ou.quest-ce.net) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Le mardi 23 juillet 2019 à 15:41 +0000, David Laight a écrit : > From: Rasmus Villemoes > > Sent: 23 July 2019 07:56 > ... > > > +/** > > > + * stracpy - Copy a C-string into an array of char > > > + * @to: Where to copy the string, must be an array of char and > > > not a pointer > > > + * @from: String to copy, may be a pointer or const char array > > > + * > > > + * Helper for strscpy. > > > + * Copies a maximum of sizeof(@to) bytes of @from with %NUL > > > termination. > > > + * > > > + * Returns: > > > + * * The number of characters copied (not including the trailing > > > %NUL) > > > + * * -E2BIG if @to is a zero size array. > > > > Well, yes, but more importantly and generally: -E2BIG if the copy > > including %NUL didn't fit. [The zero size array thing could be made > > into > > a build bug for these stra* variants if one thinks that might > > actually > > occur in real code.] > > Probably better is to return the size of the destination if the copy > didn't fit > (zero if the buffer is zero length). > This allows code to do repeated: > offset += str*cpy(buf + offset, src, sizeof buf - offset); > and do a final check for overflow after all the copies. > > The same is true for a snprintf()like function > Beware that snprintf(), per C standard, is supposed to return the length of the formatted string, regarless of the size of the destination buffer. So encouraging developper to write something like code below because snprintf() in kernel behave in a non-standard way, will likely create some issues in the near future. for(;...;) offset += snprintf(buf + offset, size - offset, "......", ....); (Reminder: the code below is not safe and shouldn't be used) Regards. -- Yann Droneaud OPTEYA