David Brown
authored
Software security is an important issue, in general, but it is especially important in Linux kernel code. Buffer overflows can have wide-reaching ramifications and can often be readily exploited to compromise the entire system. It is important for every developer to be aware of security issues while writing code. However, I've noticed a few "rules" about coding that are resulting in code that isn't any more secure, and has the disadvantage of obscuring what the code is doing. In most instances, the "corrected" code is actually wrong: we've traded a perceived lack of safety for incorrect behavior. These obfuscations also make this code more distant from upstream kernel standards. I'm only going to focus here on strcmp/strncmp and strlen/strnlen. I choose these two, because in the context of the kernel, it's not easy to make a general rule, such as "always use the 'n' variant". These function have different behavior, and the 'n' isn't just a blanket...