Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754445AbZKLVle (ORCPT ); Thu, 12 Nov 2009 16:41:34 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754312AbZKLVl3 (ORCPT ); Thu, 12 Nov 2009 16:41:29 -0500 Received: from tundra.namei.org ([65.99.196.166]:56688 "EHLO tundra.namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754289AbZKLVl2 (ORCPT ); Thu, 12 Nov 2009 16:41:28 -0500 Date: Fri, 13 Nov 2009 08:41:26 +1100 (EST) From: James Morris To: Casey Schaufler cc: Julia Lawall , "Serge E. Hallyn" , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp In-Reply-To: <4AFC3620.2020809@schaufler-ca.com> Message-ID: References: <20091112145314.GA24682@us.ibm.com> <4AFC3620.2020809@schaufler-ca.com> User-Agent: Alpine 2.00 (LRH 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 861 Lines: 27 On Thu, 12 Nov 2009, Casey Schaufler wrote: > I strongly suggest that this is not what is wanted. > strcmp(x,y) > and > strncmp(x,y,sizeof(y)) > > are functionally equivalent and strcmp has a bad reputation in > the security community because it is associated with potential > buffer overrun issues. Do you see potential for a buffer overrun in this case? The strings being compared are "sysfs" and the name field of 'struct file_system_type'. The kernel code elsewhere assumes the latter string to be a valid zero-terminated string, and we should, too. - James -- James Morris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/