[Ksummit-discuss] [MAINTAINERS SUMMIT] API replacement/deprecation
Kees Cook
keescook at chromium.org
Fri Sep 7 16:10:39 UTC 2018
On Fri, Sep 7, 2018 at 7:33 AM, Theodore Y. Ts'o <tytso at mit.edu> wrote:
> On Thu, Sep 06, 2018 at 04:24:03PM -0700, Kees Cook wrote:
>>
>> Hopefully we can all agree on deprecating strcpy() and strncpy() in
>> favor of strscpy()?
>
> There are some places where I use strncpy for a character array which
> is *not* a null-terminated string. What is the preferred alternative
> for me? I can suppress the problem when gcc complains about it using:
>
> + __u8 s_first_error_func[32] __nonstring; /* function where the error happened */
>
> But if we do a blanket deprecation, what should I use instead?

strncpy() is a weird one. I think we can easily say "no strcpy()" but
for strncpy() we need to examine the existing use-cases:

- non-NUL-terminated: use memcpy?
- NEEDS trailing NUL padding: ... no solution yet. invent strscpy_pad() ?
- "safe" strcpy(): use strscpy()

-Kees

--
Kees Cook
Pixel Security
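
The three strncpy() use-cases listed in the message, as an added userspace example (not code from this thread or from the kernel tree). The `demo_*` and `bounded_len` names are hypothetical; `demo_strscpy()` only models the strscpy() contract of always NUL-terminating and returning -E2BIG on truncation.

```c
#include <errno.h>
#include <string.h>

/* Length of src, looking at no more than max bytes. */
static size_t bounded_len(const char *src, size_t max)
{
    const char *nul = memchr(src, '\0', max);
    return nul ? (size_t)(nul - src) : max;
}

/* Case "safe strcpy()": userspace model of strscpy() semantics. The result
 * is always NUL-terminated; truncation is reported as -E2BIG. */
static long demo_strscpy(char *dst, const char *src, size_t size)
{
    if (size == 0)
        return -E2BIG;
    size_t len = bounded_len(src, size);
    if (len == size) {                  /* src plus its NUL does not fit */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Case "NEEDS trailing NUL padding": hypothetical padded variant that also
 * zero-fills the tail, so no stale bytes stay in a fixed-size field. */
static long demo_strscpy_pad(char *dst, const char *src, size_t size)
{
    long n = demo_strscpy(dst, src, size);

    if (n >= 0)
        memset(dst + n + 1, 0, size - (size_t)n - 1);
    return n;
}

/* Case "non-NUL-terminated": fill a fixed-width field with memcpy(). The
 * field is zero-padded but gets no terminator when src fills it. */
static size_t demo_fill_nonstring(unsigned char *dst, size_t size,
                                  const char *src)
{
    size_t len = bounded_len(src, size);

    memcpy(dst, src, len);
    memset(dst + len, 0, size - len);
    return len;
}
```

Without the padding step, a short copy into a reused buffer leaves the old tail bytes in place, which matters when the whole fixed-size field is later written out or copied to another context.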