On Sat, Jul 17, 2021 at 05:51:45PM +0200, Len Baker wrote:
> strcpy() performs no bounds checking on the destination buffer. This
> could result in linear overflows beyond the end of the buffer, leading
> to all kinds of misbehaviors. The safe replacement is strscpy().
>
> Signed-off-by: Len Baker <len.baker@xxxxxxx>
> ---
> drivers/staging/rtl8712/os_intfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
> index 2214aca09730..9502f6aa5306 100644
> --- a/drivers/staging/rtl8712/os_intfs.c
> +++ b/drivers/staging/rtl8712/os_intfs.c
> @@ -203,7 +203,7 @@ struct net_device *r8712_init_netdev(void)
> if (!pnetdev)
> return NULL;
> if (dev_alloc_name(pnetdev, ifname) < 0) {
> - strcpy(ifname, "wlan%d");
> + strscpy(ifname, "wlan%d", sizeof(ifname));
> dev_alloc_name(pnetdev, ifname);
Not related to your patch but this code is bad. What it does is the
"ifname" can be set as a module parameter. So instead of testing if it
has been set, it uses the checking inside dev_alloc_name() to see if we
can allocate what the user requested. If not then set it to "wlan%d".
If we cannot allocate what the user wants then we should return an
error.
It should do:
if (ifname[0] == '\0')
strscpy(ifname, "wlan%d", sizeof(ifname));
ret = dev_alloc_name(pnetdev, ifname);
if (ret < 0) {
dev_err(pnetdev, "allocating device name failed.\n");
return NULL;
}
regards,
dan carpenter
