Hi Kees,

On Mon, 25 Feb 2019 09:06:55 -0800
Kees Cook <[email protected]> wrote:

> On Mon, Feb 25, 2019 at 6:06 AM Masami Hiramatsu <[email protected]> wrote:
> > +static __always_inline long strncpy_from_unsafe_common(char *dst, > > + const char __user *unsafe_addr, long count) > > +{ > > + const char __user *src = unsafe_addr; > > + int ret; > > + > > + pagefault_disable(); > > + do { > > + ret = __get_user(*dst++, src++); > > + } while (dst[-1] && ret == 0 && src - unsafe_addr < count); > > + dst[-1] = '\0'; > > + pagefault_enable(); > > + > > + return ret ? -EFAULT : src - unsafe_addr; > > +}
>
> I'm all for always NUL-truncating, but this isn't "strncpy" (which has
> the buggy maybe-I-didn't-NUL-terminate behavior). Can we call this
> strscpy_...() instead?

Yes, it is easy for me to fit it to strscpy spec and caller side too.
But if we reuse strncpy_from_user() as Linus suggested, it may be better
to keep it or write a wrapper, since this function's spec is still a bit
different from strscpy (this doesn't return -E2BIG but returns the copied
length of the string with NULL terminal byte).

Thank you,

-- 
Masami Hiramatsu <[email protected]>
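
Review bot: the do/while in strncpy_from_unsafe_common() stores through *dst++ before `src - unsafe_addr < count` is evaluated for the first time, so a call with count <= 0 still writes one byte into dst and returns 1. Unless every caller guarantees count > 0, add an early `if (count <= 0) return 0;` ahead of pagefault_disable(). A short comment on the return value would also help: on success it is the number of bytes consumed including the terminating NUL, and a truncated copy returns count rather than an error, which is the difference from strscpy raised in this thread.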

