On Sun, 12 Mar 2017, simran singhal wrote: > Replace strcpy with strlcpy as strcpy does not check for buffer > overflow. > This is found using Flawfinder. > > Signed-off-by: simran singhal <singhalsimran0@xxxxxxxxx> > --- > > v2: > -Correcting the place of the parenthesis > > drivers/staging/android/ashmem.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c > index 7cbad0d..eb2f4ef 100644 > --- a/drivers/staging/android/ashmem.c > +++ b/drivers/staging/android/ashmem.c > @@ -548,7 +548,8 @@ static int set_name(struct ashmem_area *asma, void __user *name) > if (unlikely(asma->file)) > ret = -EINVAL; > else > - strcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name); > + strlcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name, > + sizeof(asma->name + ASHMEM_NAME_PREFIX_LEN)); This appears to be the old patch. Actually, looking closer, I don't think this is right at all. There seems to be a goal of leaving some space at the beginning of asma->name. So the amount of space available for local_name would be computed using a subtraction, not an addition. julia > > mutex_unlock(&ashmem_mutex); > return ret; > -- > 2.7.4 > > -- > You received this message because you are subscribed to the Google Groups "outreachy-kernel" group. > To unsubscribe from this group and stop receiving emails from it, send an email to outreachy-kernel+unsubscribe@xxxxxxxxxxxxxxxx. > To post to this group, send email to outreachy-kernel@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/outreachy-kernel/20170311211725.GA12884%40singhal-Inspiron-5558. > For more options, visit https://groups.google.com/d/optout. > _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
