
Ushering out strlcpy()

Posted Aug 26, 2022 2:12 UTC (Fri) by dezgeg (guest, #92243)
In reply to: Ushering out strlcpy() by tialaramex
Parent article: Ushering out strlcpy()

> Anyway, I think the race condition is a practical problem for untrusted input. If I know the kernel will read my program's buffer, find there's a NUL byte in position 814, and then cheerfully copy 814 bytes into some other structure expecting the result to be a 814 byte C-style string, then I can cause some real mischief, which might have been impossible to pull off if the kernel page-copies my entire data structure instead.

Yes, userspace trying to trick the kernel is a valid concern... but I do not get how that is related to the strlcpy() topic at all, as that function is not safe to call on a userspace pointer anyway!

This whole untrusted and/or racy source argument to strlcpy() is something I don't understand at all... if there is no guarantee of the source string being NUL-terminated, then strscpy() will read past the source buffer if it happens to be smaller than the destination buffer.


Ushering out strlcpy()

Posted Aug 26, 2022 7:42 UTC (Fri) by LtWorf (subscriber, #124958)

I think it will read past regardless of the size of the destination buffer.
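
An added example, not part of either comment and not the kernel's code: simplified C models of strlcpy()-style and strscpy()-style copying that count how many source bytes each one reads. The 16-byte field, the 40-byte backing array, and the names `model_strlcpy`, `model_strscpy` and `bytes_read` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified models written for this example; *touched = source bytes read. */

/* strlcpy()-style: returns strlen(src), so it always scans to the source NUL. */
static size_t model_strlcpy(char *dst, const char *src, size_t size, size_t *touched)
{
    size_t len = 0;
    while (src[len] != '\0')
        len++;
    *touched = len + 1;                 /* includes the terminating NUL */
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strscpy()-style: reads at most count bytes; -1 stands in for -E2BIG. */
static long model_strscpy(char *dst, const char *src, size_t count, size_t *touched)
{
    *touched = 0;
    for (size_t i = 0; i < count; i++) {
        char c = src[i];                /* single read of each source byte */
        (*touched)++;
        dst[i] = c;
        if (c == '\0')
            return (long)i;
    }
    if (count != 0)
        dst[count - 1] = '\0';          /* truncated: force termination */
    return -1;
}

/* Constructed scenario: a 16-byte source field with no NUL inside it, placed
 * in a 40-byte backing array whose first NUL is at index 32. dst_size <= 64. */
static size_t bytes_read(int use_strscpy, size_t dst_size)
{
    char backing[40], dst[64];
    size_t touched = 0;
    memset(backing, 'A', sizeof(backing));
    backing[32] = '\0';
    if (use_strscpy)
        model_strscpy(dst, backing, dst_size, &touched);
    else
        model_strlcpy(dst, backing, dst_size, &touched);
    return touched;
}

int main(void)
{
    printf("strlcpy dst=8:  %zu\n", bytes_read(0, 8));
    printf("strlcpy dst=64: %zu\n", bytes_read(0, 64));
    printf("strscpy dst=8:  %zu\n", bytes_read(1, 8));
    printf("strscpy dst=64: %zu\n", bytes_read(1, 64));
    return 0;
}
```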

