Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp

[Casey Schaufler]

James Morris wrote:
> On Thu, 12 Nov 2009, Casey Schaufler wrote:
>
>   
>> I strongly suggest that this is not what is wanted.
>>     strcmp(x,y)
>> and
>>     strncmp(x,y,sizeof(y))
>>
>> are functionally equivalent and strcmp has a bad reputation in
>> the security community because it is associated with potential
>> buffer overrun issues.
>>     
>
> Do you see potential for a buffer overrun in this case?
>   

No, but I hate arguing with people who think that every time
they see strcmp that they have found a security flaw. The
existing code does exactly what it is intended to. Why make
a change that just clutters things up?

> The strings being compared are "sysfs" and the name field of 'struct 
> file_system_type'.  The kernel code elsewhere assumes the latter string to 
> be a valid zero-terminated string, and we should, too.
>
>
> - James
>   

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/