From: James Dutton
Date: Thu, 19 Oct 2023 00:22:33 +0100
Subject: Is strncpy really less secure than strscpy ?
To: LKML Mailing List

Is strncpy really less secure than strscpy ?

If one uses strncpy and thus puts a limit on the buffer size during the copy, it is safe. There are no writes outside of the buffer.

If one uses strscpy and thus puts a limit on the buffer size during the copy, it is safe. There are no writes outside of the buffer.

But, one can fit more characters in strncpy than strscpy because strscpy enforces the final \0 on the end.

One could argue that strncpy is better because it might save the space of one char at the end of a string array.

There are cases where strncpy might be unsafe. For example, copying between arrays of different sizes, and that is a case where strscpy might be safer, but strncpy can be made safe if one ensures that the size used in strncpy is the smallest of the two different array sizes.

If one blindly replaces strncpy with strscpy across all uses, one could unintentionally be truncating the results and introduce new bugs.

The real insecurity surely comes when one tries to use the string.
For example:

#include <stdio.h>
#include <string.h>

int main()
{
	char a[10] = "HelloThere";
	char b[10];
	char c[10] = "Overflow";
	strncpy(b, a, 10);

	/* This overflows and so is unsafe */
	printf("a is %s\n", a);
	/* This overflows and so is unsafe */
	printf("b is %s\n", b);
	/* This is safe */
	printf("b is %.*s\n", 10, a);
	/* This is safe */
	printf("b is %.*s\n", 4, a);
	return 0;
}

So, why isn't the printk format specifier "%.*s" used more instead of "%s" in the kernel?

Kind Regards

James
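
Added example, not part of the original post: the two copy contracts discussed above, run side by side on the post's 10-byte buffer. The names model_strscpy, is_terminated, strncpy_terminates and demo_dst are hypothetical; model_strscpy is a userspace model of the kernel strscpy() return contract (always terminate, -E2BIG on truncation), not the kernel's implementation.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

static char demo_dst[10];	/* same size as the arrays in the post */

/* Userspace model of the strscpy() contract (assumption: not kernel code):
 * always NUL-terminates when count > 0; returns the copied length,
 * or -E2BIG when src had to be truncated. */
static long model_strscpy(char *dst, const char *src, size_t count)
{
	const char *nul;
	size_t len;

	if (count == 0)
		return -E2BIG;
	nul = memchr(src, '\0', count);	/* looks at no more than count bytes */
	len = nul ? (size_t)(nul - src) : count;
	if (len == count) {		/* no room for src plus its terminator */
		memcpy(dst, src, count - 1);
		dst[count - 1] = '\0';
		return -E2BIG;
	}
	memcpy(dst, src, len + 1);
	return (long)len;
}

/* 1 if a NUL lies within buf[0..size), i.e. plain "%s" stays in bounds. */
static int is_terminated(const char *buf, size_t size)
{
	return memchr(buf, '\0', size) != NULL;
}

/* strncpy into demo_dst with the full buffer size as the limit. */
static int strncpy_terminates(const char *src)
{
	strncpy(demo_dst, src, sizeof(demo_dst));
	return is_terminated(demo_dst, sizeof(demo_dst));
}

int main(void)
{
	const char *src = "HelloThere";	/* constructed: 10 chars, fills the buffer */
	int term = strncpy_terminates(src);
	long ret;

	printf("strncpy: terminated=%d, bounded print: %.*s\n",
	       term, (int)sizeof(demo_dst), demo_dst);
	ret = model_strscpy(demo_dst, src, sizeof(demo_dst));
	printf("strscpy model: ret=%ld, result: %s\n", ret, demo_dst);
	return 0;
}
```

The negative return value is what lets a caller notice the truncation that a blanket strncpy-to-strscpy conversion could otherwise introduce silently.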