Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp749714rwb; Thu, 27 Jul 2023 22:10:24 -0700 (PDT) X-Google-Smtp-Source: APBJJlFRNHpBZp8WI+d1ZwOUZ8Epr6rYWMqFCupwSQLhEefWE3YW/dDN/eNqrgk4Iag+Ev0qg7lg X-Received: by 2002:aa7:cd89:0:b0:522:1f34:8429 with SMTP id x9-20020aa7cd89000000b005221f348429mr938750edv.0.1690521024648; Thu, 27 Jul 2023 22:10:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690521024; cv=none; d=google.com; s=arc-20160816; b=exHMzpyToQ9nuny39pCABec0UeI2N/EY/GOfCMemesViZ0RY8rmsHkmiGmnBvmQj9P xIAPglE7wpPNX+hcWu4KUfLC/b7BRk2MsbHzlOyxeetTPmen2Dhvvjlp1mkswBR68630 wSp6nptngBrwpwpLrhVXCrz+aWc1C/4Rv+Yx6WYAahbY0nfAszxJbIlR7mZLzZoWWm5f FSnpFg6PtNdkVdbKZVAlmD0xSuTuM6S4l6q7K2F3+bhtQyZAUUKNZWToepZ/kapHjleW haJPiN81sBUXSbRP22/SUGGSutdp+bLgrOQCkjTuxtI4VRmuYjkBSEsAXakvwFF+tPRX r2hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=cjIRJIlhawR9doj6UyWzq0FdUe1tMkx5sBOpEewb2Yo=; fh=VSHW4whdUF6Jwe7M8Ct9mGkVwhuPb/ZIdL9A04PWRpg=; b=S9/xtUmDrXruq7DktKPQ0+DJh5t21N4wlFmbjck6w3YDXSONDfE4BWngMSyOSvXNwW 0Lib1+tPZdIrNlgeV17iXCFvfjNxX4BUMrXT4qXZ6IJLVpW5UH2cb6YpoYLfbR0OiTOF KX+jrUr8b+v59/KnlzgdFpXkcpBI8kaIhr2qGlziuw+trYEXrOp/kRJiunh6xqIDHhF/ zqmQLNBspsKKLQRgzje0krzfaiAdlrD1qq3pqICaXqGF2w8VHEfPjWtbxHoDuX769Rm3 9/fgMc/DUhwyqObKKnbiGTGiqcY5zqewu/gyG6VVeiQba3v1TP7SZrbjvuPeYYqBtlFB LTRA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u24-20020a056402065800b0051e04ea21ebsi2072179edx.202.2023.07.27.22.09.59; Thu, 27 Jul 2023 22:10:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231708AbjG1E4D (ORCPT + 99 others); Fri, 28 Jul 2023 00:56:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229946AbjG1E4B (ORCPT ); Fri, 28 Jul 2023 00:56:01 -0400 X-Greylist: delayed 550 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 27 Jul 2023 21:55:59 PDT Received: from mailhost.m5p.com (mailhost.m5p.com [74.104.188.4]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB1DC272D for ; Thu, 27 Jul 2023 21:55:59 -0700 (PDT) Received: from m5p.com (mailhost.m5p.com [IPv6:2001:470:1f07:15ff:0:0:0:f7]) by mailhost.m5p.com (8.16.1/8.15.2) with ESMTPS id 36S4kbWF078991 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Fri, 28 Jul 2023 00:46:43 -0400 (EDT) (envelope-from ehem@m5p.com) Received: (from ehem@localhost) by m5p.com (8.16.1/8.15.2/Submit) id 36S4ka3c078990; Thu, 27 Jul 2023 21:46:36 -0700 (PDT) (envelope-from ehem) Date: Thu, 27 Jul 2023 21:46:36 -0700 From: Elliott Mitchell To: Justin Stitt Cc: Oleksandr Andrushchenko , Jaroslav Kysela , Takashi Iwai , xen-devel@lists.xenproject.org, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, Kees Cook Subject: Re: [PATCH] ALSA: xen-front: refactor deprecated strncpy Message-ID: References: <20230727-sound-xen-v1-1-89dd161351f1@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230727-sound-xen-v1-1-89dd161351f1@google.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 27, 2023 at 09:53:24PM +0000, Justin Stitt wrote: > Technically, my patch yields subtly different behavior. The original > implementation with `strncpy` would fill the entire destination buffer > with null bytes [3] while `strscpy` will leave the junk, uninitialized > bytes trailing after the _mandatory_ NUL-termination. So, if somehow > `pcm->name` or `card->driver/shortname/longname` require this > NUL-padding behavior then `strscpy_pad` should be used. My > interpretation, though, is that the aforementioned fields are just fine > as NUL-terminated strings. Please correct my assumptions if needed and > I'll send in a v2. "uninitialized bytes" => "leak of sensitive information" => "security hole" One hopes the unitialized bytes don't contain sensitive information, but that is the start of the chain. One can hope the VM on the other end is friendly, but that isn't something to rely on. I'm not in charge of any of the appropriate subsystems, I just happened to randomly look at this as message on a mailing list I'm on. Could be the maintainers will find this acceptable. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445