Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp2851905pxt; Mon, 9 Aug 2021 10:20:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyS0D3VCxvLpy9IrJO6eIiOBiDs4ZwOgmlEh+5vo11FU0yYevfDIjMmkaz0e0RELceNOgFh X-Received: by 2002:a02:7348:: with SMTP id a8mr23725627jae.116.1628529603278; Mon, 09 Aug 2021 10:20:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628529603; cv=none; d=google.com; s=arc-20160816; b=k26vO45r+P+VqFodQBhWRqzmKspqTGfR27a75vpEGfs9CO1max7GWZRoI+t5kmiSlo nA6Hr7+VoSxMkmKHLC5zO2cN2gUlJPcuFVYvljWcT98WmbFbojizqJlAF8LdiKiUOVSH nW09dALxeDLudIyCjA9sYP6xS29WEpRPL5iM2KxOmcRxfxjZ5G6ePX3Adr8qQ6UwALKI 997eDy23gFyGPAzR1il6C9Yz2JXknJKpEFR2Vu4t+mPof2ZM1sEONkPHt/CXqONj3SRU 7dOk0eUKnR5/my9Xia18tQuJsC8mNt6d33EWi6qBEN3ym8uO5x7KAUPHR2yA2CjlMmqR HylQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=KH/h+8TGZPPLjUBYm30pO1Ql3QhJcyNQhYX9HoX1dSQ=; b=EfuS+O5112F7gpynG3h/+loh5oMBbh0RihDReNYmezznT3KccrUddD8DOx+jpml3qy dol/iDFs/Sg4B5olw8xD+0xA7wF+zmyKeTms8ML7B/Sw5GxF+dKfO1U6NfEFLrkYvt4u DhCjAaoxKiAPOJEq+Agow/i9lT3RuV8H/g2HNnK8eJUIY/r3ZnwbkMeWkIOx6EplCbq/ k35ymIVa0OOBfKRcKyCH8xmGeaDnPY5YeSWDjY6JhVetW2UsKIwp1QJ73OGGw0Prw6U+ ZrZGJ3L5jBEtaSZccw/+ooH13eRKKH/Rifj11ZsUNBka44hY7ccDj3c5zpWPH2DlcARO Hckg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g9si9273890ila.119.2021.08.09.10.19.50; Mon, 09 Aug 2021 10:20:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234056AbhHIRT0 (ORCPT + 99 others); Mon, 9 Aug 2021 13:19:26 -0400 Received: from smtprelay0155.hostedemail.com ([216.40.44.155]:56044 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233656AbhHIRTX (ORCPT ); Mon, 9 Aug 2021 13:19:23 -0400 Received: from omf01.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay04.hostedemail.com (Postfix) with ESMTP id 96F2F1802F048; Mon, 9 Aug 2021 17:19:01 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf01.hostedemail.com (Postfix) with ESMTPA id 0A01517275; Mon, 9 Aug 2021 17:18:59 +0000 (UTC) Message-ID: <99448ef29830fda9b19409bc23b0e7513b22f7b7.camel@perches.com> Subject: Re: [PATCH v3] drivers/edac/edac_mc: Remove all strcpy() uses From: Joe Perches To: Robert Richter , Len Baker Cc: Borislav Petkov , Mauro Carvalho Chehab , Tony Luck , James Morse , Kees Cook , linux-hardening@vger.kernel.org, linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 09 Aug 2021 10:18:58 -0700 In-Reply-To: References: <20210807155957.10069-1-len.baker@gmx.com> <20210808112617.GA1927@titan> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.40.0-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 0A01517275 X-Spam-Status: No, score=-1.58 X-Stat-Signature: p5kr8prgqazzpziseafgjpraffk61fyt X-Rspamd-Server: rspamout02 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Session-ID: U2FsdGVkX180VX6TKfp7KxpfCdiqElP3tLF2OZGglEw= X-HE-Tag: 1628529539-872985 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2021-08-09 at 12:05 +0200, Robert Richter wrote: > On 08.08.21 13:26:17, Len Baker wrote: > > > > Perhaps this should use scnprintf rather than strscpy > > > Something like: > > > n += scnprintf(buf + n, len - n, "%s", > > > p == e->label ? dim->label : OTHER_LABEL); > > > > > In the first version [1] the scnprintf was used but Robert Richter don't > > see any benefit compared with the current implementation. > > > > [1] https://lore.kernel.org/linux-hardening/20210725162954.9861-1-len.baker@gmx.com/ > > Reason is that there is the assumption that p must always point at the > end of the string and its trailing zero byte. I am not opposed using > the string function's return code instead of strlen() to get the > length. But why using formated output if strscpy() can be used? strscpy and scnprintf have different return values and it's simpler and much more common to use scnprintf for appended strings that are limited to a specific buffer length.