netdev
[Top] [All Lists]

Re: [PATCH 2.6]: IPv6: strcpy -> strlcpy

To: Felipe Alfaro Solana <felipe_alfaro@xxxxxxxxxxxxx>, "YOSHIFUJI Hideaki / ?$B5HF#1QL@?(B" <yoshfuji@xxxxxxxxxxxxxx>, davem@xxxxxxxxxx, Linux Kernel Mailinglist <linux-kernel@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
Subject: Re: [PATCH 2.6]: IPv6: strcpy -> strlcpy
From: Mitchell Blank Jr <mitch@xxxxxxxxxx>
Date: Thu, 27 Nov 2003 17:34:08 -0800
In-reply-to: <20031127223348.G25015@xxxxxxxxxxxxxxxxxxxxxx>
References: <1069934643.2393.0.camel@xxxxxxxxxxxxxxxxxxxxxxxx> <20031127.210953.116254624.yoshfuji@xxxxxxxxxxxxxx> <20031127194602.A25015@xxxxxxxxxxxxxxxxxxxxxx> <20031128.045413.133305490.yoshfuji@xxxxxxxxxxxxxx> <20031127200041.B25015@xxxxxxxxxxxxxxxxxxxxxx> <1069970770.2138.10.camel@xxxxxxxxxxxxxxxxxxxxxxxx> <20031127221928.F25015@xxxxxxxxxxxxxxxxxxxxxx> <20031127223348.G25015@xxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.4.1i
Russell King wrote:
> Sorry, bad example.  Hmm, from a glance around, it seems that all of
> the places which use strncpy() implicitly zero the buffer prior to
> using strncpy().
> 
> This means that the x86 strncpy is doing unnecessary zeroing.  I do
> remember Alan complaining about the last set of strlcpy() stuff
> introducing information leaks - maybe those got fixed though.

The problem is that most places you're filling in an array in a struct.
So even if you use strncpy() everywhere you can still get bitten if the
compiler inserts any padding for alignment on some architecture (since
even if you fully initialize each char[] array in the structure using
strncpy you might still leak info in padding bytes)

The safest thing to do in these cases is:
  1. memset() the array before you start
  2. strlcpy() for filling each char[] array (since strncpy would just
     re-zero those bytes it's wasteful)

Yes, the full memset() is a small waste, but its safe.  In 99% of these
cases we're talking about some weird ioctl() or something that's way off
the fast path anyways.

I pointed this out some months ago and someone (forgot who) replied that
there shouldn't be any padding in any struct exported from the kernel.
They added a compiler warning for structure padding in the -mm series for
a few days, but I guess it caused so many warnings that they took it right
out again, so I believe that there ARE plenty of places that user-visible
struct's get padded by the ABI of some platforms.  If there's some difinitive
evidence that padding never happens I'd like to see it.

-Mitch

<Prev in Thread] Current Thread [Next in Thread>