[Semibug] Potential danger of strlcpy

Gregory Czerniak gregczrk at gmail.com
Tue Nov 19 22:07:05 EST 2019


From our discussion tonight: it can be dangerous to replace strncpy() calls
with strlcpy() in a kernel setting [1].  The problem is that since
strlcpy() doesn't zero out the remainder of a string buffer like strncpy(),
it can lead to inadvertent leaks of data from the kernel.  If that unzeroed
section of memory happens to contain internal kernel memory addresses, it
could be used to help defeat ASLR.

[1] https://twitter.com/grsecurity/status/1082957293489147904
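As an added illustration (not from the original post or its author), the C program below simulates the reused field the post describes: a 16-byte buffer filled with a stale pattern standing in for a leftover pointer, then overwritten with a short string by strncpy(), by strlcpy(), and by strlcpy() after an explicit clear. The my_strlcpy() helper, the STALE pattern, the buffer size and the sample name are constructed for this example; strscpy_pad() is the Linux kernel's padding variant, named only in a comment.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SZ 16
#define STALE  0xAA   /* constructed: stands in for one byte of a leftover pointer */
enum copy_method { USE_STRNCPY, USE_STRLCPY, ZERO_THEN_STRLCPY };

/* Local strlcpy with BSD semantics (own name to avoid clashing with a libc one):
 * NUL-terminates when size > 0, returns strlen(src), never touches the tail. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Count bytes after the terminator that still hold the stale pattern. */
static size_t stale_bytes(const char *buf, size_t size)
{
    size_t i = strlen(buf) + 1, stale = 0;  /* every path below NUL-terminates */
    for (; i < size; i++)
        stale += ((unsigned char)buf[i] == STALE);
    return stale;
}

/* A reused field that held other data now receives a short name. Returns how
 * many stale bytes someone reading the whole field afterwards still sees. */
size_t stale_after_copy(enum copy_method m, const char *name)
{
    char buf[BUF_SZ];
    memset(buf, STALE, sizeof buf);          /* simulate the leftover data */
    switch (m) {
    case USE_STRNCPY:                        /* pads the tail with NULs */
        strncpy(buf, name, sizeof buf - 1);
        buf[BUF_SZ - 1] = '\0';
        break;
    case USE_STRLCPY:                        /* stops at the NUL; tail untouched */
        my_strlcpy(buf, name, sizeof buf);
        break;
    case ZERO_THEN_STRLCPY:                  /* mitigation: clear first (cf. strscpy_pad) */
        memset(buf, 0, sizeof buf);
        my_strlcpy(buf, name, sizeof buf);
        break;
    }
    return stale_bytes(buf, sizeof buf);
}
```

With "eth0" the strncpy() and pre-zeroed variants expose no stale bytes, while plain strlcpy() leaves the 11 bytes past the terminator exactly as they were.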

