From nobody Thu Sep 02 21:30:01 2021
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 343E817BA545
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Thu,  2 Sep 2021 21:30:13 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4H0vGY08Fqz3pxD
	for <freebsd-hackers@FreeBSD.org>; Thu,  2 Sep 2021 21:30:12 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (v-critter.freebsd.dk [192.168.55.3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by phk.freebsd.dk (Postfix) with ESMTPS id 39F6789284;
	Thu,  2 Sep 2021 21:30:05 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.16.1/8.16.1) with ESMTPS id 182LU1ai072510
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Thu, 2 Sep 2021 21:30:01 GMT
	(envelope-from phk@critter.freebsd.dk)
Received: (from phk@localhost)
	by critter.freebsd.dk (8.16.1/8.16.1/Submit) id 182LU19L072509;
	Thu, 2 Sep 2021 21:30:01 GMT
	(envelope-from phk)
Message-Id: <202109022130.182LU19L072509@critter.freebsd.dk>
To: jo@bruelltuete.com,
        Johannes Totz via freebsd-hackers <freebsd-hackers@FreeBSD.org>
Subject: Re: String functions considered unsafe in kernel
In-reply-to: <2b59c3ae-8330-facd-def9-c0640c56cf3a@bruelltuete.com>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
References: <2b59c3ae-8330-facd-def9-c0640c56cf3a@bruelltuete.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <72507.1630618201.1@critter.freebsd.dk>
Date: Thu, 02 Sep 2021 21:30:01 +0000
X-Rspamd-Queue-Id: 4H0vGY08Fqz3pxD
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

--------
Johannes Totz via freebsd-hackers writes:

> there are a few string (copy, formatting) functions I would consider 
> unsafe when used in kernel, in particular when used with untrusted input 
> coming from user space.

This is precisely why des@ and I designed at created <sys/sbuf.h>.

Use it.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.