Message ID | 20190218232308.11241-3-tobin@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | lib: Add safe string functions |
On Mon, Feb 18, 2019 at 3:24 PM Tobin C. Harding <tobin@kernel.org> wrote: > > Current documentation uses 'overflow' to describe a situation where less > data is written to a buffer than buffer size not more. 'overflow' is > the wrong word here - since we don't typically say 'underflow' change > the whole sentence. > > Fix erroneous 'overflow' documentation for under filled buffer. > > Signed-off-by: Tobin C. Harding <tobin@kernel.org> > --- > lib/string.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/string.c b/lib/string.c > index 38e4ca08e757..7f1d72db53c5 100644 > --- a/lib/string.c > +++ b/lib/string.c > @@ -173,8 +173,8 @@ EXPORT_SYMBOL(strlcpy); > * > * Preferred to strncpy() since it always returns a valid string, and > * doesn't unnecessarily force the tail of the destination buffer to be > - * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy() > - * with an overflow test, then just memset() the tail of the dest buffer. > + * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), > + * check the return size, then just memset() the tail of the dest buffer. > */ I'd just fold this patch into the strscpy_zeroed() patch. No need for a kind of "no op" change here when we'll just change it again with a better advice ("use strscpy_zeroed()!")
On Wed, Feb 20, 2019 at 04:02:37PM -0800, Kees Cook wrote: > On Mon, Feb 18, 2019 at 3:24 PM Tobin C. Harding <tobin@kernel.org> wrote: > > > > Current documentation uses 'overflow' to describe a situation where less > > data is written to a buffer than buffer size not more. 'overflow' is > > the wrong word here - since we don't typically say 'underflow' change > > the whole sentence. > > > > Fix erroneous 'overflow' documentation for under filled buffer. > > > > Signed-off-by: Tobin C. Harding <tobin@kernel.org> > > --- > > lib/string.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/lib/string.c b/lib/string.c > > index 38e4ca08e757..7f1d72db53c5 100644 > > --- a/lib/string.c > > +++ b/lib/string.c > > @@ -173,8 +173,8 @@ EXPORT_SYMBOL(strlcpy); > > * > > * Preferred to strncpy() since it always returns a valid string, and > > * doesn't unnecessarily force the tail of the destination buffer to be > > - * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy() > > - * with an overflow test, then just memset() the tail of the dest buffer. > > + * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), > > + * check the return size, then just memset() the tail of the dest buffer. > > */ > > I'd just fold this patch into the strscpy_zeroed() patch. No need for > a kind of "no op" change here when we'll just change it again with a > better advice ("use strscpy_zeroed()!") Got it. thanks, Tobin.
diff --git a/lib/string.c b/lib/string.c index 38e4ca08e757..7f1d72db53c5 100644 --- a/lib/string.c +++ b/lib/string.c @@ -173,8 +173,8 @@ EXPORT_SYMBOL(strlcpy); * * Preferred to strncpy() since it always returns a valid string, and * doesn't unnecessarily force the tail of the destination buffer to be - * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy() - * with an overflow test, then just memset() the tail of the dest buffer. + * zeroed. If the zeroing is desired, it's likely cleaner to use strscpy(), + * check the return size, then just memset() the tail of the dest buffer. */ ssize_t strscpy(char *dest, const char *src, size_t count) {
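Review bot: the replacement wording "check the return size, then just memset() the tail" still leaves the caller to work out what a failed copy looks like before doing the arithmetic for memset(); since the comment is now telling readers to branch on the return value, it should say which return indicates the string was truncated and that there is no tail to zero in that case, otherwise the advice is only correct for the success path. Kees's reply also points out that this comment is rewritten again later in the series to recommend strscpy_zeroed(), so folding this hunk into that patch avoids a comment-only change that is immediately superseded.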
Current documentation uses 'overflow' to describe a situation where less data is written to a buffer than buffer size, not more. 'overflow' is the wrong word here - since we don't typically say 'underflow' change the whole sentence.

Fix erroneous 'overflow' documentation for under filled buffer.

Signed-off-by: Tobin C. Harding <tobin@kernel.org>
---
lib/string.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
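The pattern the corrected comment recommends (copy with strscpy(), look at the returned size, then memset() the unused tail) is easy to get wrong on the truncation path, where the return value is negative and there is no tail to zero. The following userspace program is an added example and is not code from the kernel or from this patch series. `strscpy_compat()` is an assumed stand-in that mirrors the documented strscpy() contract (at most count-1 bytes copied, always NUL-terminated, returns the copied length or -E2BIG on truncation), `strscpy_then_zero()` is a hypothetical helper name, and the scenario functions use constructed inputs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumed userspace stand-in for the kernel's strscpy(): copies at most
 * count-1 bytes, always NUL-terminates when count > 0, and returns the
 * number of bytes copied (excluding the NUL) or -E2BIG if src did not fit.
 * This is not the kernel implementation, only its documented contract. */
static ssize_t strscpy_compat(char *dest, const char *src, size_t count)
{
	size_t len = 0;

	if (count == 0)
		return -E2BIG;

	/* Bounded length scan; never read past count bytes of src. */
	while (len < count && src[len] != '\0')
		len++;

	if (len == count) {
		/* src is at least count bytes long: copy what fits and truncate. */
		memcpy(dest, src, count - 1);
		dest[count - 1] = '\0';
		return -E2BIG;
	}

	memcpy(dest, src, len + 1);	/* len+1 includes the terminating NUL */
	return (ssize_t)len;
}

/* Hypothetical helper showing the comment's advice: copy, check the return
 * size, then memset() the tail. On truncation dest is already full
 * (count-1 bytes plus NUL), so there is nothing to zero and the error is
 * passed through unchanged. */
static ssize_t strscpy_then_zero(char *dest, const char *src, size_t count)
{
	ssize_t copied = strscpy_compat(dest, src, count);

	if (copied < 0)
		return copied;

	/* copied + 1 <= count holds here, so the length cannot underflow. */
	memset(dest + copied + 1, 0, count - (size_t)copied - 1);
	return copied;
}

/* Constructed scenario: short string into a buffer holding stale bytes.
 * Returns 1 when the copy length, the string and the zeroed tail are all
 * as expected, 0 otherwise. */
static int scenario_short_copy(void)
{
	char dest[8];
	ssize_t n;
	size_t i;

	memset(dest, 0xAA, sizeof dest);	/* stale data that must not leak */
	n = strscpy_then_zero(dest, "abc", sizeof dest);
	if (n != 3 || strcmp(dest, "abc") != 0)
		return 0;
	for (i = 4; i < sizeof dest; i++)	/* everything after the NUL is 0 */
		if (dest[i] != 0)
			return 0;
	return 1;
}

/* Constructed scenario: source longer than the buffer. The helper must
 * report truncation and leave a NUL-terminated prefix. */
static int scenario_truncated(void)
{
	char dest[8];
	ssize_t n;

	memset(dest, 0xAA, sizeof dest);
	n = strscpy_then_zero(dest, "abcdefghijk", sizeof dest);
	return n == -E2BIG && strcmp(dest, "abcdefg") == 0;
}

/* Constructed scenario: exact fit (count-1 bytes). The tail length for
 * memset() is zero, which must be handled without wrapping. */
static int scenario_exact_fit(void)
{
	char dest[8];
	ssize_t n;

	memset(dest, 0xAA, sizeof dest);
	n = strscpy_then_zero(dest, "abcdefg", sizeof dest);
	return n == 7 && strcmp(dest, "abcdefg") == 0;
}

int main(void)
{
	printf("short copy ok: %d\n", scenario_short_copy());
	printf("truncated ok:  %d\n", scenario_truncated());
	printf("exact fit ok:  %d\n", scenario_exact_fit());
	return 0;
}
```

The point of the three scenarios is the branch in `strscpy_then_zero()`: the memset() arithmetic is only valid when the return value is a length, which is why a comment that says "check the return size" needs to name the truncation return as well.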