From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Eggert
Organization: UCLA Computer Science Department
Date: Thu, 9 Nov 2023 10:11:10 -0800
Subject: Re: strncpy clarify result may not be null terminated
To: Alejandro Colomar, Jonny Grant
Cc: Matthew House, linux-man, GNU C Library
References: <20231108021240.176996-1-mattlloydhouse@gmail.com> <20231109031345.245703-1-mattlloydhouse@gmail.com> <250e0401-2eaa-461f-ae20-a7f44d0bc5ad@jguk.org>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 2023-11-09 03:38, Alejandro Colomar wrote:
> If you are consistent in checking the return value of strlcpy(3) and
> reporting an error, it's the best standard alternative nowadays.

Not necessarily.
strlcpy is subject to denial-of-service attacks if the attacker has
control of the source string and can attack by using long source
strings. strncpy, as bad as it is, does not have this problem.

Instead of this:

  if (strlcpy (dst, src, dstsize) == dstsize)
    return failure;

applications that want to copy a string into a small nonempty
fixed-size buffer, failing if the string doesn't fit, should do
something like this:

  if (strncpy (dst, src, dstsize)[dstsize - 1])
    return failure;

This avoids the denial-of-service attack and is portable all the way
back to K&R C. It's unfortunate that strlcpy was misdesigned but here
we are.
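The strncpy idiom from the message above, as an added example that is not part of the thread or of glibc: copy_bounded and the case_* functions are names chosen here, and all inputs are constructed. The last case feeds a source buffer with no NUL at all to show that strncpy touches at most dstsize source bytes.

```c
#include <stdio.h>
#include <string.h>

/* strncpy idiom from the message above: copy src into the nonempty buffer
   dst[dstsize]; return 1 on success (dst NUL-terminated), 0 if it does not
   fit.  strncpy reads at most dstsize bytes of src, so an attacker-supplied
   src of any length costs O(dstsize), whereas strlcpy first scans src to
   its end.  Caveat: on failure dst has no NUL, so do not use it as a string. */
int copy_bounded(char *dst, const char *src, size_t dstsize)
{
    if (dstsize == 0)
        return 0;                       /* no room for the NUL */
    if (strncpy(dst, src, dstsize)[dstsize - 1])
        return 0;                       /* src did not fit */
    return 1;
}

/* Constructed cases; each returns 1 when the behaviour matches. */
int case_fits(void)
{
    char buf[8];
    return copy_bounded(buf, "hello", sizeof buf) && strcmp(buf, "hello") == 0;
}

int case_exact_fit(void)                /* strlen(src) == dstsize - 1 */
{
    char buf[8];
    return copy_bounded(buf, "abcdefg", sizeof buf) && buf[7] == '\0';
}

int case_too_long(void)                 /* dst[7] is a source byte, not NUL */
{
    char buf[8];
    return !copy_bounded(buf, "far too long for eight bytes", sizeof buf)
           && buf[7] != '\0';
}

int case_unterminated_source(void)
{
    char src[8], buf[8];
    memset(src, 'A', sizeof src);       /* no NUL at all: strncpy stops at 8 */
    return !copy_bounded(buf, src, sizeof buf) && buf[7] == 'A';
}

int main(void)
{
    printf("%d %d %d %d\n", case_fits(), case_exact_fit(), case_too_long(),
           case_unterminated_source());
    return 0;
}
```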