[Semibug] Potential danger of strlcpy
Mike O'Connor
mjo at dojo.mi.org
Wed Nov 20 06:03:53 EST 2019
:From our discussion tonight: it can be dangerous to replace strncpy() calls
:with strlcpy() in a kernel setting [1]. The problem is that since strlcpy()
:doesn't zero out the remainder of a string buffer like strncpy(), it can lead
:to inadvertent leaks of data from the kernel. If that unzeroed section of
:memory happens to contain internal kernel memory addresses, it could be used to
:help defeat ASLR.
:
:[1] https://twitter.com/grsecurity/status/1082957293489147904
FWIW, strlcpy doesn't zero out the remainder of the string buffer for
performance reasons. Zero-filling has a non-zero cost.
In general, strlcpy won't really help you if you're not checking its
return value (assuming you can ascertain what to check against).
I'm amused that you're citing a Linux security guru, when strlcpy has
BSD history and is still verboten in glibc. :)
-Mike
--
Michael J. O'Connor mjo at dojo.mi.org
=--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"I go to school, but I never learn what I want to know." -Calvin
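As an added example (not from the post or the list), a user-space simulation of the leak the post describes: a reused 16-byte buffer is pre-filled with a constructed 0xAA pattern standing in for stale kernel data; strncpy() pads the tail with NULs, a local OpenBSD-style my_strlcpy() (assumed here, since glibc lacks strlcpy) leaves the tail untouched, and the fixed variant checks the strlcpy return value for truncation and clears the tail itself.

```c
#include <stddef.h>
#include <string.h>

/* glibc has no strlcpy, so an OpenBSD-style local copy is used here. */
static size_t my_strlcpy(char *dst, const char *src, size_t size) {
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;  /* length of src: >= size means the copy was truncated */
}

/* Count bytes past the terminator that still hold the buffer's old contents. */
static size_t stale_bytes(const char *buf, size_t size) {
    size_t i = 0, count = 0;
    while (i < size && buf[i] != '\0')
        i++;                             /* skip the string itself */
    for (i = (i < size) ? i + 1 : size; i < size; i++)
        count += (buf[i] != '\0');
    return count;
}

/* Reused buffer: 0xAA stands in for leftover pointer bytes (constructed value). */
static void dirty(char *buf, size_t size) { memset(buf, 0xAA, size); }

size_t leak_with_strncpy(const char *src) {
    char buf[16];
    dirty(buf, sizeof buf);
    strncpy(buf, src, sizeof buf);       /* zero-fills the tail */
    return stale_bytes(buf, sizeof buf);
}

size_t leak_with_strlcpy(const char *src) {
    char buf[16];
    dirty(buf, sizeof buf);
    my_strlcpy(buf, src, sizeof buf);    /* tail is left as it was */
    return stale_bytes(buf, sizeof buf);
}

/* Check the return value for truncation, then clear the tail explicitly. */
size_t leak_with_strlcpy_fixed(const char *src) {
    char buf[16];
    dirty(buf, sizeof buf);
    size_t n = my_strlcpy(buf, src, sizeof buf);
    if (n >= sizeof buf)
        n = sizeof buf - 1;              /* truncated: real code should reject here */
    memset(buf + n + 1, 0, sizeof buf - n - 1);
    return stale_bytes(buf, sizeof buf);
}
```

With a 4-byte name such as "eth0", the strlcpy variant leaves 11 stale bytes behind the terminator, which would go out with the buffer if it were later copied to user space.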