Re: [PATCH v6 8/9] soc: qcom: apr: Avoid string overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed 29 Aug 00:57 PDT 2018, Niklas Cassel wrote:

> 'adev->name' is used as a NUL-terminated string, but using strncpy() with the
> length equal to the buffer size may result in lack of the termination:
> 
> In function 'apr_add_device',
>     inlined from 'of_register_apr_devices' at drivers//soc/qcom/apr.c:264:7,
>     inlined from 'apr_probe' at drivers//soc/qcom/apr.c:290:2:
> drivers//soc/qcom/apr.c:222:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation]
>    strncpy(adev->name, np->name, APR_NAME_SIZE);
>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> This changes it to use the safer strscpy() instead.
> 
> Signed-off-by: Niklas Cassel <niklas.cassel@xxxxxxxxxx>

Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>

Regards,
Bjorn

> ---
>  drivers/soc/qcom/apr.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/soc/qcom/apr.c b/drivers/soc/qcom/apr.c
> index 57af8a537332..ee9197f5aae9 100644
> --- a/drivers/soc/qcom/apr.c
> +++ b/drivers/soc/qcom/apr.c
> @@ -219,9 +219,9 @@ static int apr_add_device(struct device *dev, struct device_node *np,
>  	adev->domain_id = id->domain_id;
>  	adev->version = id->svc_version;
>  	if (np)
> -		strncpy(adev->name, np->name, APR_NAME_SIZE);
> +		strscpy(adev->name, np->name, APR_NAME_SIZE);
>  	else
> -		strncpy(adev->name, id->name, APR_NAME_SIZE);
> +		strscpy(adev->name, id->name, APR_NAME_SIZE);
>  
>  	dev_set_name(&adev->dev, "aprsvc:%s:%x:%x", adev->name,
>  		     id->domain_id, id->svc_id);
> -- 
> 2.17.1
> 



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux