On 10/18/23 20:04, Gurchetan Singh wrote:
> +
> + ret = strncpy_from_user(vfpriv->debug_name,
> + u64_to_user_ptr(value),
> + DEBUG_NAME_MAX_LEN);
> +
> + if (ret < 0) {
> + ret = -EFAULT;
> + goto out_unlock;
> + }
> +
> + /*
> + * strncpy_from_user doesn't copy the NULL terminator when
> + * DEBUG_NAME_MAX_LEN bytes is copied. Fix that here.
> + */
> + if (ret == DEBUG_NAME_MAX_LEN)
> + vfpriv->debug_name[DEBUG_NAME_MAX_LEN - 1] = '\0';
If you'll copy DEBUG_NAME_MAX_LEN-1 bytes, then string will be always
NULL-terminated. It is a standard practice for strncpy usage to do it
like this:
ret = strncpy_from_user(vfpriv->debug_name,
u64_to_user_ptr(value),
DEBUG_NAME_MAX_LEN - 1);
--
Best regards,
Dmitry
