[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)

package kernel-source-2.4.27
reopen 280492
thanks

> Both 2.4 and 2.6 upstream do not NULL terminate dest
> if count is exceeded. This is documented in the kernel
> and appears to be quite intentional. I am closing this
> accordingly.

I think you missed the point here. The problem is that if the copied
string is shorter than the destination buffer, part of the old contents of
the destination remains unchanged and might be leaked to userspace. This
behaviour IS fixed in 2.6, so upstream thinks it IS a (small) problem [1].

BTW, I found a patch for ppc64 and s390 [2].


[1] http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
[2] http://www.ultramonkey.org/bugs/patch/linux-2.4.21-strncpy-zero-pad.patch
Reply to: