Re: unsafe strlcpy

To: <tech-security%netbsd.org@localhost>, Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: unsafe strlcpy
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sat, 15 Feb 2020 13:36:52 +0100

First of all:

Le 08/02/2020 à 15:54, Maxime Villard a écrit :

[I am not subscribed to this list, so if you want to answer, make sure to CC me]


Then:

Neither strlcpy nor copystr is safe


copystr stops reading both buffers if the limit (size) is reached, therefore
it would have been safe to use in the cases I mentioned, contrary to strlcpy.

in netbsd32_ioctl it should just be replaced with memcpy().


Actually, here, yes.

The correct way is to safely parse the input, e.g. with strnvisx.


Yeah, but my point was, more importantly, the printfs should be under debug
only or at the very least rate-limited.

Maxime

References:
- unsafe strlcpy
  - From: Maxime Villard

Prev by Date: Re: unsafe strlcpy
Next by Date: NetBSD Security Advisory 2020-002: Specific ICMPv6 error message packet can crash the system
Previous by Thread: Re: unsafe strlcpy
Next by Thread: strscpy
Indexes:

Home | Main Index | Thread Index | Old Index