6 years and 360 patches to clean all instances of strncpy out of the Linux kernel
7 days ago
- #Linux Security
- #String Functions
- #C Programming
- The C string library, while fast, can cause buffer overrun errors if used incorrectly, posing security risks.
- strcpy() is problematic when the source string is larger than the destination buffer or is not NUL-terminated, potentially allowing attackers to overwrite memory.
- strncpy() was introduced to limit copying, but it often leaves the destination without a NUL terminator, which leads to errors, and it pads the buffer unnecessarily.
- Linux spent six years and over 360 patches to remove strncpy(), replacing it with functions like strscpy() that guarantee NUL termination and have clearer semantics.
- New functions such as strscpy_pad() and strtomem_pad() separate string copying from padding, improving security and efficiency.
- Despite its flaws, the C string library has been widely used since 1972, and these updates aim to fix shortcomings while maintaining efficiency.
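
The strncpy() and strscpy() behaviour summarized above, as an added example that is not from the original article or the kernel source. `demo_strscpy()` and `demo_strscpy_pad()` are hypothetical userspace stand-ins modelled on the kernel functions' documented semantics, and the 8-byte `FIELD` buffer and input strings are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define FIELD 8 /* constructed fixed-size destination */

/* Userspace stand-in modelled on the kernel's strscpy(): always terminates a
 * non-empty buffer and returns -E2BIG on truncation. Not the kernel's code. */
ssize_t demo_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* Stand-in for strscpy_pad(): same copy, then zero the unused tail. */
ssize_t demo_strscpy_pad(char *dst, const char *src, size_t size)
{
    ssize_t n = demo_strscpy(dst, src, size);

    if (n >= 0 && (size_t)n + 1 < size)
        memset(dst + n + 1, 0, size - (size_t)n - 1);
    return n;
}

/* Returns 1 if strncpy() left the FIELD-byte destination unterminated. */
int strncpy_unterminated(const char *src)
{
    char dst[FIELD];

    memset(dst, 'X', sizeof(dst));  /* simulate stale buffer contents */
    strncpy(dst, src, sizeof(dst)); /* writes no NUL if src has >= FIELD chars */
    return memchr(dst, '\0', sizeof(dst)) == NULL;
}

int main(void)
{
    char dst[FIELD];
    printf("strncpy unterminated: %d\n", strncpy_unterminated("ABCDEFGHIJ"));
    printf("strscpy returned %zd\n", demo_strscpy(dst, "ABCDEFGHIJ", sizeof(dst)));
    printf("dst=\"%s\"\n", dst);
    return 0;
}
```

The negative return value lets a caller detect truncation, which strncpy() gives no way to do.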